Not really.  You can get a list of use cases with these two queries, but you'll have to add your own filters based on your knowledge of the data.  For instance, some VPN use cases may not contain the string "vpn". | rest /servicesNS/-/-/saved/searches | rest /servicesNS/-/-/data/ui/views

That's a question only you and your coworkers can answer.  Review your VPN use cases and the fields they use.  Anything else, in theory, can be eliminated.  Of course, future use cases may need an eliminated field so be prepared to add them back some day.

That's a challenge, because machines without a Splunk forwarder installed will not be reporting anything to Splunk.  You would need to have a list of all machines then subtract those that have a forwarder installed (which Splunk can provide) to get the list of machines missing a forwarder.

That's a difficult sentence to parse.  I hope I understand the request. Instructions for installing Splunk on Linux systems are at https://docs.splunk.com/Documentation/Splunk/9.1.1/Installation/InstallonLinux .  You won't find a ready-made script, but the documented steps should be easy enough to automate.  Many customers use software management tools to deploy software on all machines. I don't understand what is meant by "find out the system with out Splunk."

Let's take a step back.  What is the desired output of this query?  Is it to list the file names that are in both the index and the lookup?  Something else? My latest example is *like* what you've already done, but is different and should have a different result.  Have you run it?  If so, what is the exact text of the error(s)? Please eliminate the ellipsis in the stats command.  The behavior of the command can change depending on the hidden arguments.

Hi @gcusello  Currently the choices in Data Entity stays as static values ex (Airbag scheduling,Material ,Cost Summary) Based on that values that I select from the Data Entity , I wanted to do comparison of that value  in my eval cmd to set the correct token to use in later queries so that i know that token is belonging to specific option of Data Entity. So how do i transform these Data Entity options based on the value selected in the first dropdown domain. ex., if i select MM in the 1st dropdown , i should get options pertained to MM. if i select Goods in the 1st dropdown , i should get options pertained to Goods. It can be one options or multiple on the data entity </input> <input type="dropdown" token="domainToken">         <label>Data Entity</label>         <choice value=“0-a,1-b,2-b,3-,4-,5-,6-a”>Airbag Scheduling</choice>         <choice value=“0-d,1-e,2-e,3-,4-d,5-d,6-d”>Material</choice>         <choice value=“0-e,1-f,2-f,3-e,4-,5-,6-”>Cost Summary</choice>         <choice value=“0-f,1-e,2-b,3-b,4-md,5-a">All</choice>         <change>           <eval token="domainToken1">mvindex(split($value$,","),2)</eval>           <eval token="objectToken2">mvindex(split($value$,","),1)</eval>           <eval token="objectToken1">mvindex(split($value$,","),0)</eval>           <eval token="outputToken1">mvindex(split($value$,","),3)</eval>           <eval token="outputToken2">mvindex(split($value$,","),4)</eval>           <eval token="outputToken3">mvindex(split($value$,","),5)</eval>                   </change>       </input> search query1:   <query>index=$indexToken$ source IN (“A-B-$objectToken1$", “/A-B-$stage-$objectToken2$”,”/A-B-$domainToken1$")</query> search query2: <query>index=$indexToken$ source IN (“C-$outputToken1$”-D-”, “E-$outputToken2$-F”,”G-$outputToken3$-H”)</query> search query3: <query>index=$indexToken$ source IN (“C-$outputToken1$”-D-”, “E-$outputToken2$-F”,”G-$outputToken3$-H”)</query>