splunk-james
commented
1 year ago /default/savedsearches.conf includes these searches for example: [AWS Bill - Total Cost until Now] search = | savedsearch "AWS Bill - Monthly Latest Snapshot" | search RecordType=StatementTotal | stats sum(TotalCost) as TotalCost, first(CurrencyCode) as Curren cyCode display.general.type = statistics display.visualizations.show = 0 request.ui_dispatch_view = search
[AWS Bill - Total Cost until Now by Service] search = | savedsearch "AWS Bill - Monthly Latest Snapshot" | search RecordType=LinkedLineItem | stats sum(TotalCost) as TotalCost, first(CurrencyCode) as Curren cyCode by ProductName
disable or remove duplicate searches "AWS bill *" seemingly duplicated from the AWS Addon. There appears to be no reason for these searches to be included in this Addon.