Hello, I am using  an extract field at search time called "src_ip". To optimize search response times, I have create an indexed field extraction called "src_ip-index". How to "backendly" configure Splunk so end users will query only a single field which use both "src_ip-index" and "src_ip" , but use "src_ip-index" in priority when available due to better performance. hope it is clear enough. Best regards,

I am wondering why the two following requests, when applied to exactly the same time range, return a different value: index=<my_index> logid=0000000013 | stats count index=<my_index> logid=13 | stats count The first one returns many more results than the second. (The type indicated by Splunk for this field is "number" not "string".)

I have been struggling to create a dynamic dropdown in Splunk Dashboard studio. I have watched several video but I think they mostly talk about Classic Dashboards. I have also read the documentation but it has been of no help. My Sample Problem is: A: B,C,D W: X,Y,Z I want to create two dropdowns. Dropdown1: A, W Dropdown 2:  If "A", then "B","C,"D" options If "B", then "X","Y,"Z" options I am unable to figure out how to do this. Any help will be much appreciated. Thank you all.  

Hi, Could any one pls figure out from these below logs to achieve the use case like when we launch rdp,proxy from secretserver, we are seeing some drop in the connection eg. like look for error and handshake in logs sample event for client 2024-01-12 05:03:37,391 [CID:] [C:] [TID:197] ERROR Thycotic.RDPProxy.CLI.Session.ProxyConnection - Error encountered in RDP handshake for client 192.168.1.1 - (null) System.Exception: Assertion violated: stream.ReadByteInto(bufferStream) == 0x03 at Thycotic.RDPProxy.ContractSlim.Assert(Boolean condition, String conditionStr, String actualStr) at Thycotic.RDPProxy.Readers.ConnectionRequestProvider.ReadConnectionRequest(Stream stream, AuthenticationState clientState) at Thycotic.RDPProxy.CLI.Session.ProxyConnection.<DoHandshakeAndForward>d__20.MoveNext() sample event for user 2024-01-12 05:02:11,920 [CID:] [C:] [TID:266] ERROR Thycotic.DE.Feature.SS.RdpProxy.EngineRdpProxySessionService - An error was encountered while attempt to fetch proxy credentials for user 'chrisbronet' - (null) another usecase is like the discovery process from ad to secretserver eg, scan ad and finds the local id creates the id and pwd in to the secret server. sample events: 1) 2024-01-11 23:39:36,183 [CID:] [C:] [TID:83] ERROR Thycotic.Discovery.Sources.Scanners.Dependency.ApplicationPoolScanner - WMI (IIS) Unable to connect to xyzwin.abc.com with Exception System.Threading.ThreadAbortException: Thread was being aborted. at System.Management.IEnumWbemClassObject.Next_(Int32 lTimeout, UInt32 uCount, IWbemClassObject_DoNotMarshal[] apObjects, UInt32& puReturned) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() at Thycotic.Discovery.Sources.Scanners.Dependency.ApplicationPoolScanner.<>c__DisplayClass10_0.<IsIisRunningWmi>b__0(Object x) - (null) 2) 2024-01-11 23:29:47,675 [CID:] [C:] [TID:PriorityScheduler Thread @ Normal] ERROR Thycotic.Discovery.Sources.Scanners.MachinePreDiscoveryTester - Could not connect to xyx.win.abc.com with port pre-check. Please open port(s) [135, 445] - (null) 3) 2024-01-11 23:32:32,163 [CID:] [C:] [TID:PriorityScheduler Elastic Thread @ Normal] ERROR Thycotic.Discovery.Sources.Scanners.Dependency.ApplicationPoolScanner - Service Controller (IIS) Unable to connect to xyz.win.abc.com with Exception System.InvalidOperationException: Cannot open W3SVC service on computer 'xyz.win.abc.com'. ---> System.ComponentModel.Win32Exception: Access is denied --- End of inner exception stack trace --- at System.ServiceProcess.ServiceController.GetServiceHandle(Int32 desiredAccess) ... 1 line omitted ... at System.ServiceProcess.ServiceController.get_Status() at Thycotic.Discovery.Sources.Scanners.Dependency.ApplicationPoolScanner.IsIisRunningServiceController() - (null) Thankyou