Disable the "open in search" function in a dashboard.

<option name="link.visible">false</option>

One shot log ingestion: (super useful!)

$SPLUNK_HOME/bin/splunk add oneshot "/path/to/file" -index <index> -sourcetype <sourcetype> -auth admin:changeme

Remove indexed logs

splunk cmd btprobe -d $SPLUNK_DB/fishbucket/splunk_private_db --file --reset

track files being read

https://<server>:8089/services/admin/inputstatus/TailingProcessor%3AFileStatus