Hello everyone,
I'm very new to Splunk and I find it very different from what I have worked with so far. I am writing saved searches where I am passing arguments to the search. I'm looking for a way to pass arguments to a search so that they default to a value if the parameter was not given. Something like this:
[My Search]
search = | savedsearch "Sample Search" \
argument1=$argument1$ \
argument2=$argument2$ \
argument3=if(isnull($argument3$), default_value, $argument3$)
Any advice?
Thanks,