Hello All I need to send a request to Splunk API from a Linux server but the Curl is complaining because the search argument is too long (could be up to 500000 chars). my question is: how we can use @myFile.spl to query splunk api? This is what I have done so far but no luck yet   curl --noproxy '*' -k -H "Authorization: Splunk myToken" https://mySearchHead:8089/servicesNS/admin/search/search/jobs/export?output_mode=json -d search=`echo $myVar`  error  Argument list too long curl --noproxy '*' -k -H "Authorization: Splunk myToken" https://mySearchHead:8089/servicesNS/admin/search/search/jobs/export?output_mode=json -d  @query2.spl  (Format1 in query2.spl file--> "search= | search index=myIndex ...."    up to 500000 char) error {"messages":[{"type":"FATAL","text":"Empty search."}]} curl --noproxy '*' -k -H "Authorization: Splunk myToken"  https://mySearchHead:8089/servicesNS/admin/search/search/jobs/export?output_mode=json -d  @query2.spl  (Format2 in query2.spl file --> search= "| search index=myIndex ...."    up to 500000 char -- difference with 3 is quotes position) error {"messages":[{"type":"ERROR","text":"Error in 'SearchParser': Missing a search command before '\"'. Error at position '0' of search query '\"| search index...." curl --noproxy '*' -k -H "Authorization: Splunk myToken" https://mySearchHead:8089/servicesNS/admin/search/search/jobs/export?output_mode=json -d search=@query2.spl   (Format2 in query2.spl file --> "| search index=myIndex ...."    up to 500000 char -- difference with 3 is quotes position) error {"messages":[{"type":"ERROR","text":"Error in 'SearchParser': Missing a search command before '@'. Error at position '0' of search query '@query2.spl'.","help":""}]}

If a Splunk Search Head image is destroyed, but the rest of the servers/components are up and running including the Deployment, Indexers, HWF and License server. Would it be possible to rebuild just the Search Head or does the entire Splunk environment need to be rebuilt?

Hi, recently I tried to configure Splunk TA and APP for DELL EMC ECS Storage device. After Installation and initial configuration everything looks fine except lacking performance data. Capacity and inventory data are available in DELL EMC ECS App overview dashboard but I'm lacking performance data.  Here's few details about the current settings and scenario: - App and Add On are installed on Search Head Cluster, and Add on installed on HF - Splunk is 9.0.5 version (higher than reccomended in add on documentation) - App and Addons are updated to latest versions - DELL EMC ECS Device is running 3.7.0.3 - There is communication between devices (obviously as we are ingested some data from ECS device) - Splunk Python version on HF is 3.7 (OS version is 2.7 I don't think it matters :P) - Management user with system monitor privileges is created on DELL EMC ECS device and used by splunk - As documentation claims I provided IP of one of the nodes in VDC (not virtual IP) - I even raised timeout setting in  ecs_connect.py to 60 (but there were no timeout errors in the logs)   I know that performance data should be ingested via flux api and I see some data from various dell:flux:* sources but it seems not to be the date expected by Dell EMC ECS overview dashboard (or it is not parsed correctly, which I really doubt as it's official supported APP from splunkbase).   In logs I can see one error that occurs everytime when Dell EMC ECS input data ingestion happens. The error is "product version" which seems really vague for me. Apart from that I can't find anything useful in the logs.  As far as I know nothing else has to be done on the device itself so I'm kind of lost  ... Do You have any ideas what else can I check or maybe You encountered similar problems ? P.S I contacted App vendor and waiting for any response if I find solution in the meantime I'll put it here for potential other people who may encounter this really weird problem . Best Regards  

Hello, We are planning to onboard inventory data from Vcenter. I would like to confirm whether "Splunk Add-on for vCenter Logs" has inventory data. If not, can you please point me to the right add on.  Thanks