Hello,
Reviewing the new Splunk for k8s addon, could you please review the savedsearches.conf and add a minimal default earliest and latest time range to the searches?
For example:
dispatch.earliest_time = -24h
dispatch.latest_time = now
Currently the searches will run over All time by default since only the search definition exists on a per stanza statement.
That is not good practice for customers.
Kind regards,
Guilhem
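One way to audit a savedsearches.conf for the problem raised in the post above, as an added example that is not part of the original thread or the add-on's code. The stanza names and searches in the sample are constructed, and treating an inline earliest=/latest= modifier or a [default] stanza as supplying the time bound is an assumption of this example.

```python
import re

# Constructed sample; stanza names and searches are not from the add-on.
SAMPLE_CONF = r"""
[k8s pod restarts]
search = index=k8s sourcetype=kube:events reason=BackOff \
| stats count by pod
[k8s node status]
search = index=k8s sourcetype=kube:nodes | stats latest(status) by node
dispatch.earliest_time = -24h
dispatch.latest_time = now
[k8s inline window]
search = index=k8s earliest=-4h | stats count by namespace
"""
BOUNDS = (("dispatch.earliest_time", "earliest"), ("dispatch.latest_time", "latest"))

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}, joining '\\' continuations."""
    stanzas, current, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def unbounded_searches(text):
    """Return {stanza: [missing dispatch keys]} for searches lacking a time bound."""
    stanzas = parse_conf(text)
    findings = {}
    for name, settings in stanzas.items():
        if name == "default" or "search" not in settings:
            continue
        # Assumption: values set in a [default] stanza are inherited by every search.
        merged = {**stanzas.get("default", {}), **settings}
        missing = [key for key, modifier in BOUNDS
                   if not merged.get(key)
                   and not re.search(rf"\b{modifier}\s*=", merged["search"])]
        if missing:
            findings[name] = missing
    return findings

print(unbounded_searches(SAMPLE_CONF))
```

To check a real file, pass its contents to `unbounded_searches()`; any stanza it returns would run over All time on that side of the window.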
Hey Guilmxm!
Thanks for pointing this out. I provided the same feedback and am working with the team to clean up :).
Will report back once it is done. Also feel free to provide any other feedback you might have!
Matt