It looks like Security Essentials has a conflict (Duplicate Search) with Enterprise Security. Can you please update the app to resolve this issue.
Configuration file settings may be duplicated in multiple apps: stanza="Unique_Hosts_Logged_Into_Per_Day" file="savedsearches" apps="Splunk_Security_Essentials,SplunkEnterpriseSecuritySuite"
Hi - was there ever a resolution to this? The messages are annoying and I'm not really sure how to remedy the duplicated stanza other than commenting them out if one of the savedsearches configurations. Is that all I need to do?
It has been a while since I did this but generally speaking I searched all the .conf files for the string Unique_Hosts_Logged_Into_Per_Day and once I found the files I edited the stanza in the .conf file directly. The file was savedsearches.conf in one of the ES apps under etc/apps.
I had some extra cycles to troubleshoot this and it looks like my SOC team had created a search in Enterprise Security with the same name a while back. I just renamed the saved search in ES.
You can ignore this issue.