Hello fellow Splunkers,
I am using the following query to fetch the splunk app name in standalone search head -
| rest /services/search/jobs splunk_server=local
| addinfo
| where sid = info_sid
| rename eai:acl.app as app_name
| fields + app_name
However, this same query is not working in SHC. It shows *No results found*
Any suggestions would be appreciated.
Thanks!
↧
