Hi, We have two indexes wich are stuck in fixeup task.  Our environment exist off  some indexing peers  wich are atached to smartstore.   This mornig there is a warning no sf and rf is met. Two indexes are in this degraded state. Checking the bucket status there are two buckets from two different indexes whish doesn't get fixed. Those buckets are mentioned in the search factor fix, replication factor fix and generation. The last has the notice "No possible primaries". Searching on the indexer which is mentioned in the bucket info it says: DatabaseDirectoryManager [838121 TcpChannelThread] - unable to check if cache_id="bid|aaaaaa~183~839799B0-6EAF-436C-B12A-2CDC010C1319|" is stable with CacheManager as it is not present in CacheManager and ERROR ClusterSlaveBucketHandler [838121 TcpChannelThread] - Failed to trigger replication (err='Cannot replicate remote storage enabled warm bucket, bid=aaaaaa~183~839799B0-6EAF-436C-B12A-2CDC010C1319 until it's uploaded' what can be wrong, and what to do about it?   Thanks in advance Splunk enterprise v9.0.5,  on premisse smartstore.

I have a lookup file like below, the query should send mails to each person with that respective row information. and if mail1 column is empty, then query should consider mail2 column value to send mails. and if mail2 column is empty, the query should consider mail3 column value to send mail. and if mail1, mail2 are empty then query should consider mail3 column value to send mail. Emp occupation location firstmail secondarymail thirdmail abc aaa hhh aa@mail.com gg@mail.com def ghjk gggg bb@mail.com ff@mail.com ghi lmo iiii   hh@mail.com jkl pre jjj     dd@mail.com mno swq kkk aa@mail.com ii@mail.com   example, aa@mail.com..should receive mail like below in tabluar format Emp occupation location firstmail secondarymail thirdmail abc aaa hhh aa@mail.com gg@mail.com mno swq kkk aa@mail.com ii@mail.com   so likewise query should read complete table and send mails to persons individually....containing that specific row information in tabluar format. Please help me with the query and let me know incase of any clarification on the requirement.

Hello fellow Splunkthusiasts! TL;DR: Is there any way to connect one indexer cluster to two distinct license servers?   Our company has two different licenses: one acquired directly by the company (we posses the license file) the other was acquired by a corporate group to which our company belongs, it is provided to us through group's license server (it is actually some larger license split to several pools, one of them being available to us). The obvious solution is to have one IDXC for each license with SHs searching both clusters. However, both licenses together are approximately 100GB/day, therefore building two independent indexer clusters feels like a waste of resources. What is the best way to approach this?

Hi, After migrating to version 9.1.2 we have to rewrite some classic dashboards in dashboard studio. Is there a way to send the colored lines to the back or send the circles to the front? It simply won't work to put any figure on top of lines, the lines will always be on top. I tried to insert some html customization but still nothing (<row> <panel> <html> <style> div[data-id*="_CIRCLE"]{ z-index: 100; } </style> </html> </panel> </row>) Any help would be much appreciated.

So I want to extract the last word as a field on each search result but want to grab those that only fulfils the following conditions: 1) the last word before space 2) exclude those with a period "." right after the last word sample events: the current status is START system goes on … the current status is STOP please do ….. the current status is PENDING. And my rex will extract the words from “status is “ and the word right after, but if that word has a period right after, I don’t want to extract. I only been able to retrieve everything using the following, but not able to exclude those with a period right after. rex field=_raw "status is\s(?<status>[^\s]+)"

Currently, I am switching to a higher version of the Lookup Editor app, but I am having "issues" as described below. Ver 3.3.3 Ver 4.0.2 Cells have values (low, medium, high, ..) that do not change the background color or text. I checked the console.log output (Ver 4.0.2) and got some logs. Can anyone give me some advice? Thank you.