Explain how will you set default search time in Splunk 6.

1.	Explain how will you set default search time in Splunk 6.
Answer» Using 'ui-prefs.conf' in Splunk 6, we can specify the default search TIME. If we set the value as follows, all users would see it as the default setting: $SPLUNK_HOME/etc/system/local For example, if our $SPLUNK_HOME/etc/system/local/ui-prefs.conf FILE Includes [search] dispatch.earliest_time = @d dispatch.latest_time = now The default time RANGE that will appear to all users in the search APP is today.

Answer»

Using 'ui-prefs.conf' in Splunk 6, we can specify the default search TIME. If we set the value as follows, all users would see it as the default setting: $SPLUNK_HOME/etc/system/local

For example, if our $SPLUNK_HOME/etc/system/local/ui-prefs.conf FILE Includes

[search] dispatch.earliest_time = @d dispatch.latest_time = now

The default time RANGE that will appear to all users in the search APP is today.

Discussion

No Comment Found

Related InterviewSolutions

Name the commands used to enable and disable Splunk boot start.
Name the commands used to restart Splunk Web Server and Splunk Daemon.
Explain how Splunk avoids duplicate indexing of logs.
How to reset Splunk Admin (Administrator) password?
What is the best way to clear Splunk's search history?
Explain how will you set default search time in Splunk 6.
What do you mean by buckets? Explain Splunk bucket lifecycle?
Explain what is a fish bucket and fish bucket index.
What do you mean by SF (Search Factor) and RF (Replication Factor)?
State difference between Search head pooling and Search head clustering.

Explain how will you set default search time in Splunk 6.

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment