the savedsearches.conf file in the path splunk_TA_snow/local is empty and
the savedsearches.conf file in the path splunk_TA_snow/default is having the content :
[ServiceNow CMDB CI Services]
disabled = 1
action.email.reportServerEnabled = 0
action.email.useNSSubject = 1
alert.track = 0
cron_schedule = 0 * * * *
description = Saved search which populates the CMDB CI Relations from ServiceNow
dispatch.earliest_time = 0
dispatch.latest_time = now
display.general.type = statistics
display.visualizations.show = 0
enableSched = 1
request.ui_dispatch_app = search
request.ui_dispatch_view = search
search = eventtype=snow_cmdb_ci_service | dedup sys_id | fields - _bkt, _cd,_indextime,_kv,_raw,_serial,_si,_sourcetype,_subsecond, punct, index, source, sourcetype | inputlookup append=t cmdb_ci_service_lookup | dedup sys_id | outputlookup cmdb_ci_service_lookup
[ServiceNow Sys Choice List]
disabled = 1
action.email.reportServerEnabled = 0
action.email.useNSSubject = 1
alert.track = 0
cron_schedule = 0 * * * *
description = Saved search which populates the sys choice list from ServiceNow
dispatch.earliest_time = 0
dispatch.latest_time = now
display.general.type = statistics
display.visualizations.show = 0
enableSched = 1
request.ui_dispatch_app = search
request.ui_dispatch_view = search
search = eventtype=snow_sys_choice_list | table name, element, value, sys_id | inputlookup append=t sys_choice_list_lookup | dedup sys_id | sort + name, element | outputlookup sys_choice_list_lookup
[ServiceNow Incident State]
disabled = 1
action.email.reportServerEnabled = 0
action.email.useNSSubject = 1
alert.track = 0
cron_schedule = 0 * * * *
description = Saved search which populates incident state from ServiceNow
dispatch.earliest_time = 0
dispatch.latest_time = now
display.general.type = statistics
display.visualizations.show = 0
enableSched = 1
request.ui_dispatch_app = search
request.ui_dispatch_view = search
search = eventtype=snow_sys_choice_list name="incident" element="state" | eval incident_state_name=label | eval state=value | eval incident_state=value| dedup state, incident_state, incident_state_name | table state, incident_state, incident_state_name| inputlookup append=t incident_state_lookup | dedup state | sort + state | outputlookup incident_state_lookup
... View more