Hi All,
We have been facing a couple of issues with our Splunk recently.
- **We created an alert initially with some condition and that worked. However, we tried changing the alert condition we specified initially, but the change is not being applied to the alert.**
  - **Updating:**
    - Updated directly from the search head GUI.
    - Changed in savedsearches.conf and restarted Splunk.
- **We created roles with filters added initially, and tried changing the filter, but it is not updating.**
  - **Updating:**
    - We tried changing the filter from the search head GUI.
    - Tried doing it in the respective search head's authorize.conf and restarted Splunk.

But the changes have not been applied. Please note our search head is in a Search Head Pool.
Thanks