Could not get it working. However replacing cert.pem and privkey.pem directly in /opt/splunk/etc/auth/splunkweb with my fullchain.pem and my private key, renamed as original work OK.
... View more
How about this
your query to return fields
| rex field=cs_uri_stem "\"(?<base_url>\/([^\/]+\/)+)(?<guid>[^\"]+)\""
| table base_url, guid
see extraction here
... View more
If your search does not contain any data, the pivot icon will not be available.,if your search does not contain data, the pivot icon will not be available.
... View more