Customize notable event settings in Splunk Enterprise Security Expand tokens in notable events using the expandtoken command Manage investigations in Splunk Enterprise Security Administer and customize the investigation workbench Manage and customize investigation statuses in Splunk Enterprise Security Corr...
<search id="First_Base_Search"> <query>index=_internal sourcetype=splunkd cpu_seconds=* name IN ("indexerpipe","exec","merging") | stats perc50(date_second) as s50, perc90(date_second) as s90 by date_wday name | eval s50=round(s50,2), s90=round(s90,2)</query> <earliest...
Customize notable event settings in Splunk Enterprise Security Expand tokens in notable events using the expandtoken command Manage investigations in Splunk Enterprise Security Administer and customize the investigation workbench Manage and customize investigation statuses in Splunk Enterprise Security ...