Hi,       is there a way to to change which versions of Forwarders are in support according to the Cloud Monitoring Console? Currently at the moment, v9.1.1 is showing as out of support?   Many Thanks

Hi All, I have two csv files.  File1.csv -> id, operation_name, session_id File2.csv -> id, error, operation_name I want to list the entries based on session_id like ->id, operation_name, session_id, error. Basically all the entries from file1.csv for the session_id and errors from file2.csv.  Could you please help how to combine these csv? Note: I am storing the data to CSV as a output lookup since I couldn't find a way to search these via single query. So trying to join from csv.

Hi, in the official compatibility matrix there is no column for Indexer 8.0.x anymore as its no longer supported. https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwardersandindexers   Does anyone know up to which version of the Universal Forwarder is compatibel with an 8.0.x Indexer (with an 8.0.x Heavy Forwarder infront) ?

Hello, We ingest logs from another vendor to Splunk, each event contains a "score" field which is predetermined by the 3rd party ranging from 0 - 100. Is there away to add that field value to the risk object score instead of a static risk score in the Risk analysis Adaptive response?  Have been looking at using the Risk factor editor but cant see a way other than setting the static value in the Adaptive response to 100 then creating 100 risk factor like this if('score'="10",0.1,1) if('score'="11",0.11,1) if('score'="12",0.12,1) so on and so on. Thanks       

We use the ansible-role-for-splunk project found in GitHub: https://github.com/splunk/ansible-role-for-splunk Now we want to install third-party apps from Splunkbase. The framework seem to rely on all Splunk apps being available from a git repository. How are third-party apps such as "Splunk Add-on for Amazon Web Services (AWS)" supposed to be installed unless extracted to a custom git repository first?

I had an issue with storage.  I was at another site for 2 weeks and we reached the max limit on our drive.  I had to reprovision in VMware and while it was out of storage we had issues, I can't remember the error message but it was related to storage.  Fixed the storage issue and rebooted and had to reset my certificate and everything looked fine.  A day later we started getting the license issue.  I read the articles in the community.  I didn't fully understand.  I think its polling the environment for the time that my storage limits were reached? It's been 4 days with us being over the licensing limit.  Looking back over the last year, we have never been close to our limits. Any help would be appreciated. 

Hi Team,  I have a got a request to plot graph of previous 30 days. But the org has a retention period of 7days set on the data set.  As a solution, I am pushing data from query having HTTP status captured to a lookup file. The CSV file consists of following fields: 1. _time 2. 2xx 3. 4xx 4. 5xx Also, I have created a time-based lookup definition. But when I try to plot the graph, "_time" field is not coming up in x-axis.  Can you please help with how this can be achieved?