All Posts

Hi Muhammed, can you check the db.log and server.log files, and can you upload them here? Can you also write the db, controller and platform versions?
Hi @harimadambi, if an app is correctly created without private objects, it can be easily backed up by taking the files from $SPLUNK_HOME/etc/apps/your_app. For data it is a little more difficult because you have to know which indexes are used by the App and then back them up. You can find all the indexes in:
- $SPLUNK_DB/db/your_index for hot and warm data
- $SPLUNK_DB/colddb/your_index for cold data
SPLUNK_DB by default is $SPLUNK_HOME/var/lib/splunk, but probably it's different in your installation. Ciao. Giuseppe
Hi @Dhivakarpn, as said in the previous reply, most Linux distributions should be OK to install the UF on (unless the Linux is older than 10 years). One other concern is: what's your indexer version? You should make sure the UF is compatible with the indexer. https://docs.splunk.com/Documentation/Forwarder/9.0.1/Forwarder/Compatibilitybetweenforwardersandindexers
Hi, basically this means that your daily indexing amount is greater than your license allows. What will happen is totally dependent on your Splunk version and the size of your license. With the free version, after you have gotten 5 violations in 30 days you cannot do searches until there is a 30d period with fewer than 5 violations. For Enterprise with a license of less than 100GB, in recent versions that limit is 45/60 days. If you get more violations your searches will be blocked, but you can ask for a reset license from your Splunk account manager. If your license is 100GB+ then you will get those warnings, but your searches still work. In some older versions with a paid license that was 5/30d, and then you could ask for a reset license unless you have a "non blocking" license. With it, it acts like the current 100GB+ license. r. Ismo
Is it possible to create a backup of the app with data and visualization for a specific date to keep for a future date?
Hi Forum, I want to chart a list, say for example {1..100}, and represent in a mosaic type visual presentation whether a number has been used or not. So I would probably look to introduce a second dimension, 1 = used, 0 = unused. Punch card looks interesting. Has anyone done anything similar, maybe IP addressing or something else? My use case is charting LDAP attributes (I generate the data with a script so I can control the shape of it). Want to get everyone away from spreadsheets....
Hi, why don't you want to use your own git? I prefer to add all installed apps & TAs from splunkbase and other sources to my own git to be sure that I have those also later if/when needed. It's not guaranteed that you could find those same versions from splunkbase later on if/when you need those again. If you don't want to use that approach you must write your own tasks to replace this:
- name: "Synchronize {{ item.name }} repo from local Ansible host to {{ splunk_home }}/{{ app_dest }}/{{ item.name }} on remote host"
I haven't checked this, but I suppose that it could be enough if you just unpack splunkbase apps to your workspace and update src to the correct value. But probably it's better to write your own tasks for this. That way it's easiest to keep that git repo up to date when Splunk makes updates for it. r. Ismo
Hi, issue fixed, I had taken the time range as static instead of default. Thanks.
Hi, here is a link on how to move the index database to the new location: https://docs.splunk.com/Documentation/Splunk/9.1.1/Indexer/Moveanindex When I needed to move the db to a new node I followed this: https://community.splunk.com/t5/Installation/How-to-migrate-indexes-to-new-indexer-instance/m-p/528064/highlight/true That was for a Linux node, but you can do the same procedure on Windows with small changes to the commands used.
- Copy data + configurations to the correct place
- As you are moving SPLUNK_DB to a new directory, you must update the correct parameters (see docs link)
- Install fresh Splunk (same version as on the old node)
- Start Splunk
- Check that all is ok
- Update to the latest/needed version
r. Ismo
Hello If servers are missing from your AppDynamics dashboard but visible elsewhere, first check dashboard filters, permissions, and widget settings. Ensure servers are actively reporting data, agents are running, and there are no recent compatibility issues. If the problem persists, consider contacting AppDynamics support for assistance. https://docs.appdynamics.com/appd/21.x/21.6/en/appdynamics-essentials/getting-started/appdynamics-support/Salesforce Marketing Cloud Training Thank you
Hello, I was also facing the same issue.
You're encountering a 500 error when trying to access ABAP system details in AppDynamics. Here are some quick steps to resolve it:
- Check your network connection.
- Verify the Controller URL.
- Check Controller server logs.
- Ensure Controller server is running.
- Verify authentication and permissions.
- Ensure version compatibility.
- Try restarting services.
- Contact AppDynamics support if the issue persists.
Hi @Dhivakarpn, I don't know AWS Linux 3 exactly, but Splunk UF is compatible with every Linux kernel from 3.x, so it should be compatible (Amazon Linux 3 should use a combination of Fedora Linux and CentOS Stream). Ciao. Giuseppe
https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/Systemrequirements
Another thing - if you want to find which server is captain to dynamically decide to which server you should send the next rest call, you can't just say splunk_server=Captain. That would be looking for a server called Captain which you most probably don't have. You need to use one of the two possible techniques here - map command or subsearch.
Does Splunk UF agent 9.0.1 support AWS Linux 3?
Hi @alex4, first, using the search command after the main search gives you a slower search; best practices say to put the search terms as far left as possible. Then, don't use the search for terms (e.g. 4794 or 4657) when these values are extracted in the EventCode field. Then, what are the unwanted results with the search you're using? Did you try to add the last condition you shared to your starting search? Last information: can the properties field have two values in the same event: Properties="msLAPS-Password" AND Properties=*EncryptedDSRMPasswordHistory? I try to re-write your starting search with the hinted updates:
index=winsec_prod EventCode=4794 OR (EventCode=4657 DSRMAdminLogonBehavior) OR (EventCode IN (4104,4103) DsrmAdminLogonBehavior) ((EventCode=4794) OR (EventCode=4657 ObjectName="*HKLM\System\CurrentControlSet\Control\Lsa\DSRMAdminLogonBehavior*") OR (EventCode IN (4104,4103) ScriptBlockText="*DsrmAdminLogonBehavior*"))
| eval username=coalesce(src_user,user,user_id), Computer=coalesce(Computer,ComputerName)
| stats values(dest) values(Object_Name) values(ScriptBlockText) by _time, index, sourcetype, EventCode, Computer, username
| rename values(*) as *
Ciao. Giuseppe
Hi @vijreddy30, it isn't possible to hide the Settings menu because there are some voices that are usually permitted to all users. Anyway, you can work in the Roles Permission menu [Settings > Groups] to exactly define the features of your role; in this way the not permitted Settings voices will be hidden. Ciao. Giuseppe
Hi @jip31, this seems to be a trendline and doesn't require a viz. Anyway, if you add some add-on such as Timeline, you can see this visualization in the possible visualization panel. You can find some very useful examples about this topic in the Splunk Dashboard Examples App ( https://splunkbase.splunk.com/app/1603 ). Ciao. Giuseppe