Hello I tried to change a Custom App name (e.g BRB_App to CAA_App) on the Deployer through the Cli but i realize that the name change only affects the Folder name not the name of the App when i checked the UI. Is there a way to effect that change to affect the Name of the custom App and not just the folder name 

Hi, I'm looking for a way to connect the SPLUNK to a ODCB data base, so the Splunk will be able to pull any data needed from that data base. So far, I have been told that the SPLUNK is working with JDBC and the other product is working with ODBC, so there is no way to make that connection. Can someone tell me otherwise?  

Good day All, We have enabled the searches as durable searches. In our environment due to any one or other activity the scheduled search may skip or go in delegate_remote_error or go in delegate_remote_completion with success=0. In those cases I wanted to take the last status of that scheduled search + scheduled time and check if that time period accomodates in upcoming durable_cursor. How to achieve this? I tried with below one but this just fits for successful ones. How to get the failed ones too. I am running the subsearch to take the savedsearches with scheduled time which is not success in the last 7 hours and taking those for further search to check if that durable_cursor has taken up for the next run and if it is success. Is this right approach. Or any other alternate approach available? index=_internal sourcetype=scheduler [search index=_internal sourcetype=scheduler earliest=-7h@h latest=now | stats latest(status) as FirstStatus by scheduled_time savedsearch_name | search NOT FirstStatus IN ("success","delegated_remote") | eval Flag=if(FirstStatus="delegated_remote_completion" OR FirstStatus="delegated_remote_error",scheduled_time,"NO VALUE") | fields Flag savedsearch_name | rename Flag as durable_cursor ] | stats values(status) as FinalStatus values(durable_cursor) as durable_cursor by savedsearch_name scheduled_time

I have a dashboard named dashboard1 created using splunk dashboard studio. It has dropdown as below :   Based on the selection here, it displays line graph. Example : AWSAccount selected, line graph contains different account ids. (xyseries, $Account_Selection$,costing) There is another dashboard  (dashboard2) which has details of the AWSAccounts. It has two dropdowns again- awsaccountid, accountname. My requirement is Example :  when I click on any line in the dashboard1 (where each line is different AWSAccount). It should direct to dashboard2 with this AWSAccount selected in dropdown of dashboard2. Similarly if AWSAccountName  is selected in dropdown and any account is clicked in the panel, it should direct to dashoard2 with the same AWSAccountName in the dashboard2 dropdown.  If AWSAccount is selected and clicked, accountname in dashboardw will have default value "All" i.e *. viceversa if AWSAccountName selected. What I have done ? Under interactions , I selected link to dashboard with dashboard2 and gave Token name = account_id (this is the token set in dashboard 2) Value = Name         "eventHandlers": [ { "type": "drilldown.linkToDashboard", "options": { "app": "Search", "dashboard": "dashboard2", "newTab": true, "tokens": [ { "token": "awsaccountid", "value": "name" } ] } } ] "eventHandlers": [ { "type": "drilldown.linkToDashboard", "options": { "app": "search", "dashboard": "dashboard2", "tokens": [ { "token": "awsaccountid", "value": "row.AWSAccount.value" } ], "newTab": true } } ]         This is working fine. But if I add AWSAccountName under tokens and pass value to it like above, it is causing AWSAccount value to be displayed in "awsaccountid" and "accountname" of dashboard2. Please can anyone of you help me how to implement this. Regards, PNV    

I am trying to call a 3rd party API which supports Certificate and Key based authentication. I have an on-prem instance of Splunk (Version: 9.0.2) running on a VM. I have verified the API response on the VM via curl command (Command used: curl --cert <"path to .crt file"> --key <"path to .key file"> --header "Authorization: <token>" --request GET <"url">) which gives response for a normal user. However, when running the same curl command using shell in Splunk Add-on Builder's Modular Data Inputs, the command only works with "sudo" otherwise it gives Error 403. When checked with "whoami", it returns the user as root. Question 1: Why is the curl command not working without using sudo even when the user is root. Is there any configuration that I need to modify to make it work without using sudo. Question 2: How do I make the same API call using Python code in Modular Data Inputs of Splunk Add-on Builder.