Splunk Cloud Platform

Workload Management Rule - No AllTime searches

jeremiahMN
Explorer

I'm following the example provided here.
https://docs.splunk.com/Documentation/Splunk/9.0.2/Workloads/AdmissionRules#Example_admission_rules

search_time_range=alltime AND (NOT role=sc_admin) AND (NOT app=splunk_instance_monitoring)

However when I look in the monitoring console it shows that it's blocking some things that I believe are built in searches. (we use splunk cloud)
Cleanup Models For Predictive Analytics
itsi_content_packs_status_update
Telemetry - Inputs
itsi_event_grouping
Telemetry - Volume

All of these things have user as "nobody". I tried to add AND (NOT user=nobody) to my workload rule, but tells me.
validation failed with error=invalid value of predicate 'user'

Labels (1)
0 Karma
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...