The Bloodhound Enterprise TA is run on the HF and generates an updated KV file every 4 hours.  I wrote a script that runs and turns the kvstore entries into alerts.  Due to some weirdness in the data, the question has come up, can the kvstore on the HF be copied to a SH.  I haven't found a suggestion that I think will work.  We are running Splunk Enterprise 9.1.1 on prem on servers running RHEL 8.8. TIA, Joe

Splunk Studio show a message or icon for a Pie chart which returns no data:   I am looking to display an icon or message if no results are found on a pie chart in place of the grey pie image on a dashboard if no results are found. Index=test (Eventcode=4010 OR Evnetcode=4011) | stats latest (eventcode) as latest_event_code by Site | eval Site= upper(site) | where latest_event_code=4010     I have been trying appends like the following: | stats count |eval NoResult="0" | Where count=0 | appendpipe [stats count | eval Noresult="0" | eval test="test Message"]

Hi Splunkers, I have a doubt about License Consumption. I'm not here to ask how to calculate daily ingestion and/or license consumption in a Splunk Envrinonment. Community is full of topic about this and I have my search I use when no Monitor Console is configured. The point is the following: on a LM, I have 3 different environment, each one with a set of SH, indexers and so on. The only "point of contact" is the LM itself, so, in a schematic way: Env A (SHs, IDX cluster, others hosts) ---> LM "X" Env B (SHs, IDX cluster, others hosts) ---> LM "X" Env C (SHs, IDX cluster, others hosts) ---> LM "X" Question is: what about if I have to search daily license consumption for only one of above ENVs? For example, I want calculate license consumption only for Env A. First thing I thought: Ok, I have two options: Use MC Use my search on _internal logs, based on license consumption data, and specify, as idx parameter, only indexes subset for desiderd ENV. PROBLEM: ENVs have not totally different indexes. For example, index "linux_audit" is set on all 3 env. So, if I try to differentiate cluster based on their own indexes, I'm not able to do this.

Hi team, I am using AppDynamics SaaS version 23.11 and monitoring my on-premise servers and applications. Some volumetrics data on agents used,  Agent wise  Prod DTA Machine Agent 4612 3211 App Agent 884 414 DB Agent 13 10 Analytics Agent 12 14 I would like to know amount of traffic sent from my on-premise AppD agents ( machine, app, DB and analytics) to controller. If there is a way to get those numbers ( not expecting exact at least approx should be fine) then please let me know. Please note, we are not using any proxy in-between agents and controller.

Can I retrieve list of alerts shared in App level, Is it possible? |rest /services/saved/searches | search eai:acl.app=my_app eai:acl.sharing=app | fields eai:acl.owner eai:acl.app eai:acl.sharing search title cron_schedule description