All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Posts

Getting error while downloading forwarder in  Ubuntu, 20.04 LTS, amd64 focal image built on 2025-04-08 Reinstalled, tried a bunch of commands to check for any issues, but could not find any solution... See more...
Getting error while downloading forwarder in  Ubuntu, 20.04 LTS, amd64 focal image built on 2025-04-08 Reinstalled, tried a bunch of commands to check for any issues, but could not find any solution. Tried different versions of the ubuntu architecture, still the same. This is stopping my instance to run splunk [ Allowed http traffic, firewall port open..etc] cd /opt/splunkforwarder/bin/ splunk validate files Setting up splunkforwarder (9.4.1) ... find: ‘/opt/splunkforwarder/lib/python3.7/site-packages’: No such file or directory find: ‘/opt/splunkforwarder/lib/python3.9/site-packages’: No such file or directory find: ‘/opt/splunkforwarder/lib/python3.7/site-packages’: No such file or directory find: ‘/opt/splunkforwarder/lib/python3.9/site-packages’: No such file or directory complete
Hi @splunklearner  If you arent on Splunk Cloud and you're team say it isnt possible (for whatever reason) to use Push based approach then I would recommend using the Splunk Add-on for Microsoft Clo... See more...
Hi @splunklearner  If you arent on Splunk Cloud and you're team say it isnt possible (for whatever reason) to use Push based approach then I would recommend using the Splunk Add-on for Microsoft Cloud Services app. This aligns with the recommendations here: https://lantern.splunk.com/Data_Descriptors/Microsoft/Getting_started_with_Microsoft_Azure_Event_Hub...  Did this answer help you? If so, please consider: Adding karma to show it was useful Marking it as the solution if it resolved your issue Commenting if you need any clarification Your feedback encourages the volunteers in this community to continue contributing
There's no need to edit props or transforms for Ingest Actions as they can be configured easily using the UI.  In fact, use of the UI is recommended to avoid errors in the ruleset config.  If you nee... See more...
There's no need to edit props or transforms for Ingest Actions as they can be configured easily using the UI.  In fact, use of the UI is recommended to avoid errors in the ruleset config.  If you need to edit the config files for Splunk Cloud, do so in a custom app and upload the app to your Splunk Cloud search head. https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/Data/DataIngest#Deploy_a_ruleset_on_an_indexer_cluster  
I see your answer as "Yes" and reference a Splunk Enterprise doc.  Can you give an answer for the Splunk Cloud Platform.  While I see the deploy button in the top right, I do not see where i can edit... See more...
I see your answer as "Yes" and reference a Splunk Enterprise doc.  Can you give an answer for the Splunk Cloud Platform.  While I see the deploy button in the top right, I do not see where i can edit the props.conf and the transforms.conf files or is cloud different?
Install the app you cited in the OP on a heavy forwarder and use that to pull data from Azure using API calls.  The HF will forward the data to Splunk.
Just getting started with SOAR and I am encountering a scenario where I obviously don't understand the concept enough. I could use a push in the right direction to understand how I'm supposed to pass... See more...
Just getting started with SOAR and I am encountering a scenario where I obviously don't understand the concept enough. I could use a push in the right direction to understand how I'm supposed to pass output from a Splunk action block to a decision or utility block. Logic is as follows: 1. We utilize a Splunk -- Timer asset to schedule execution of playbook at certain time 2. First block is a Splunk query action block; basic SPL is  index=custom_index usernames=* | table usernames, emailAddresses, userScore 3. I want to pass the usernames to a decision block, and this is where I get lost. I see event choices, and CEF fields, etc. as options, but nothing explicitly stated for "usernames". Am I supposed to custom code a solution using action_result.data, and if so, can I get a hint on how to do so? (this wasn't covered in my creating playbooks course) Thank you
@ITWhisperer  you're right. Thanks
| eval row=mvrange(0,2) | mvexpand row | foreach * [| eval <<FIELD>>=mvindex(<<FIELD>>,row)]
How do I split the below data into 2 lines? I need to run stats on the tables, but when they are together the answers are not correct.   I have the following SPL form some complex data and I ha... See more...
How do I split the below data into 2 lines? I need to run stats on the tables, but when they are together the answers are not correct.   I have the following SPL form some complex data and I have discovered that in some small cases there can be 2 lines coming out like this. host="MARKET_RISK_PDT_V2" index="murex_logs" sourcetype="Market_Risk_DT" "**mr_strategy**" "typo_Collar" | search "resourceSpans{}.resource.attributes{}.value.stringValue"="*" | spath resourceSpans{}.scopeSpans{}.spans{}.attributes{} output=attributes | dedup attributes | stats count by attributes _time | spath input=attributes | eval X_{key}=coalesce('value.doubleValue', 'value.stringValue') | stats list(X_*) as * by _time | table mr_batch_compute_cpu_time mr_batch_compute_time mr_batch_load_cpu_time mr_batch_load_time mr_strategy The data is very large. I will put it up, but I think I have done 99% of the SPL. It's just this last case that is catching me. {"resourceSpans":[{"resource":{"attributes":[{"key":"telemetry.sdk.language","value":{"stringValue":"cpp"}},{"key":"service.name","value":{"stringValue":"MXMARKETRISK.ENGINE.MX"}},{"key":"service.namespace","value":{"stringValue":"MXMARKETRISK.SERVICE"}},{"key":"process.pid","value":{"intValue":"65544"}},{"key":"service.instance.id","value":{"stringValue":"000719to"}},{"key":"telemetry.sdk.name","value":{"stringValue":"opentelemetry"}},{"key":"telemetry.sdk.version","value":{"stringValue":"1.12.0"}},{"key":"mx.env","value":{"stringValue":"dell945srv:13003"}}]},"scopeSpans":[{"scope":{"name":"murex::observability_otel_backend::tracing","version":"v1"},"spans":[{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"8e46a2fcb9187c68","parentSpanId":"e9f9a5fe15443933","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296125652729092","endTimeUnixNano":"1744296125798894970","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"6"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"928247cd89802428","parentSpanId":"c1de6d379b059fed","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296125800419331","endTimeUnixNano":"1744296125809124045","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"c1de6d379b059fed","parentSpanId":"e9f9a5fe15443933","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296125798985174","endTimeUnixNano":"1744296125811277736","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"6"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"facb0e5746d9d964","parentSpanId":"25d5f36ceb7321c8","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296125830212296","endTimeUnixNano":"1744296125849740148","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"25d5f36ceb7321c8","parentSpanId":"e9f9a5fe15443933","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296125815502747","endTimeUnixNano":"1744296125850628412","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"7"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"a79b05479fe56592","parentSpanId":"e9f9a5fe15443933","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296125850706729","endTimeUnixNano":"1744296125851948317","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"7"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"6f1e8d7f6321b850","parentSpanId":"e9f9a5fe15443933","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296125852417846","endTimeUnixNano":"1744296125992801928","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"7"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"15dd58424f5b362f","parentSpanId":"55e665fcbffd2dce","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296125994261439","endTimeUnixNano":"1744296126000431009","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"55e665fcbffd2dce","parentSpanId":"e9f9a5fe15443933","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296125992870615","endTimeUnixNano":"1744296126002300582","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"7"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"9fa56f99daac2e78","parentSpanId":"bbb3db0f43020601","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296126021039957","endTimeUnixNano":"1744296126045997290","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"bbb3db0f43020601","parentSpanId":"e9f9a5fe15443933","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296126006349607","endTimeUnixNano":"1744296126046897747","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"8"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"17c713e141a5a055","parentSpanId":"e9f9a5fe15443933","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296126046987437","endTimeUnixNano":"1744296126048941301","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"8"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"c6f94d626baa5e49","parentSpanId":"e9f9a5fe15443933","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296126049410715","endTimeUnixNano":"1744296126191477064","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"8"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"3969a2458c7a1dc5","parentSpanId":"d1a1815dfc55cdd4","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296126192947402","endTimeUnixNano":"1744296126199823189","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"d1a1815dfc55cdd4","parentSpanId":"e9f9a5fe15443933","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296126191554042","endTimeUnixNano":"1744296126201896837","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"8"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"b6cdaecb3b869a03","parentSpanId":"b238e61733dc9cf2","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296126220292499","endTimeUnixNano":"1744296126239204858","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"b238e61733dc9cf2","parentSpanId":"e9f9a5fe15443933","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296126206034205","endTimeUnixNano":"1744296126240073056","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"9"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"4cc6d310648b79ee","parentSpanId":"e9f9a5fe15443933","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296126240159810","endTimeUnixNano":"1744296126241419109","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"9"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"288afaf9b7bff8cc","parentSpanId":"e9f9a5fe15443933","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296126241872221","endTimeUnixNano":"1744296126380408484","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"9"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"57153080d9d99407","parentSpanId":"6626b11ac99f8810","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296126381860940","endTimeUnixNano":"1744296126388388372","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"6626b11ac99f8810","parentSpanId":"e9f9a5fe15443933","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296126380480534","endTimeUnixNano":"1744296126390275608","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"9"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"a1059958bf180498","parentSpanId":"2061aaa3bc7e58d3","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296126408627933","endTimeUnixNano":"1744296126427148493","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"2061aaa3bc7e58d3","parentSpanId":"e9f9a5fe15443933","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296126394320863","endTimeUnixNano":"1744296126428008509","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"016d32332bc0f916","parentSpanId":"e9f9a5fe15443933","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296126428077369","endTimeUnixNano":"1744296126429287924","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"163a862ff97841df","parentSpanId":"e9f9a5fe15443933","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296126429739689","endTimeUnixNano":"1744296126568936523","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"fd0292239b0618f6","parentSpanId":"ea1313f85058a1b2","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296126570402952","endTimeUnixNano":"1744296126576565279","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"ea1313f85058a1b2","parentSpanId":"e9f9a5fe15443933","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296126569019151","endTimeUnixNano":"1744296126578414066","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"e9f9a5fe15443933","parentSpanId":"d6c133764c7891c3","name":"scenario_all_apply","kind":1,"startTimeUnixNano":"1744296124562223476","endTimeUnixNano":"1744296126580259668","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario_nb","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"d6c133764c7891c3","parentSpanId":"dbd5a3ed4854e73f","name":"fullreval_task","kind":1,"startTimeUnixNano":"1744296121513194653","endTimeUnixNano":"1744296126583212823","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_batchId","value":{"stringValue":"37"}},{"key":"mr_batchType","value":{"stringValue":"Full Revaluation"}},{"key":"mr_bucketName","value":{"stringValue":""}},{"key":"mr_jobDomain","value":{"stringValue":"Market Risk"}},{"key":"mr_jobId","value":{"stringValue":"CONSO_ABAQ | 31/03/2016 | 12"}},{"key":"mr_strategy","value":{"stringValue":"typo_Collar Cap"}},{"key":"mr_uuid","value":{"stringValue":"4405ed87-fbc0-4751-b5b2-41836f1181cc"}},{"key":"mrb_batch_affinity","value":{"stringValue":"CONSO_ABAQ_run_Batch|CONSO_ABAQ|2016/03/31|12_FullReval0_00037"}},{"key":"mr_batch_compute_cpu_time","value":{"doubleValue":2.042433}},{"key":"mr_batch_compute_time","value":{"doubleValue":2.138}},{"key":"mr_batch_load_cpu_time","value":{"doubleValue":2.154398}},{"key":"mr_batch_load_time","value":{"doubleValue":2.852}},{"key":"mr_batch_status","value":{"stringValue":"WARNING"}},{"key":"mr_batch_total_cpu_time","value":{"doubleValue":4.265003}},{"key":"mr_batch_total_time","value":{"doubleValue":5.069}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"c2ed4f39b11aee9f","parentSpanId":"78911387092a7c87","name":"Load Simulation Parameters","kind":1,"startTimeUnixNano":"1744296127698926310","endTimeUnixNano":"1744296129421561118","status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"49b3b6c745a8ae13","parentSpanId":"78911387092a7c87","name":"Load Simulation Parameters","kind":1,"startTimeUnixNano":"1744296129461431159","endTimeUnixNano":"1744296129467535543","status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"78911387092a7c87","parentSpanId":"4c8da45757b1ea2a","name":"position_loading","kind":1,"startTimeUnixNano":"1744296126596669569","endTimeUnixNano":"1744296129552371945","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mrb_batch_affinity","value":{"stringValue":"CONSO_ABAQ_run_Batch|CONSO_ABAQ|2016/03/31|12_FullReval0_00058"}},{"key":"mr_position_nb","value":{"stringValue":"50"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"9f06f54e319a5d2b","parentSpanId":"4c8da45757b1ea2a","name":"dependencies_retrieval","kind":1,"startTimeUnixNano":"1744296129557213410","endTimeUnixNano":"1744296129604058259","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"2c92a4cdcfddca76","parentSpanId":"4c8da45757b1ea2a","name":"scenario_loading","kind":1,"startTimeUnixNano":"1744296129607930435","endTimeUnixNano":"1744296129657422990","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario_container","value":{"stringValue":"SEC_VOL"}},{"key":"mr_scenario_nb","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"7749106317af3d80","parentSpanId":"32563fd40f415e83","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296129660693591","endTimeUnixNano":"1744296129670146254","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"32563fd40f415e83","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296129658850268","endTimeUnixNano":"1744296129670593647","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"1"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"e0bcc9c6808cf174","parentSpanId":"e276dfe0c1ff2f22","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296129670694720","endTimeUnixNano":"1744296129671818574","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"1"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"b57e0539e4480583","parentSpanId":"e276dfe0c1ff2f22","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296129672077408","endTimeUnixNano":"1744296129737008901","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"1"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"dd2d547a1f6c2e5d","parentSpanId":"fe75400d89316fcd","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296129737839519","endTimeUnixNano":"1744296129742814229","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"fe75400d89316fcd","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296129737096551","endTimeUnixNano":"1744296129743401800","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"1"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"973b0796b725c804","parentSpanId":"34c516de65a035d3","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296129747204588","endTimeUnixNano":"1744296129752407413","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"34c516de65a035d3","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296129745034633","endTimeUnixNano":"1744296129752870351","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"2"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"92e2752ce064836c","parentSpanId":"e276dfe0c1ff2f22","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296129752927074","endTimeUnixNano":"1744296129753757346","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"2"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"07c4f8bffd50e88b","parentSpanId":"e276dfe0c1ff2f22","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296129754021990","endTimeUnixNano":"1744296129821850103","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"2"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"88c2db5de46eb6a1","parentSpanId":"baa6f635c7c07eaf","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296129822762055","endTimeUnixNano":"1744296129827854287","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"baa6f635c7c07eaf","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296129821943393","endTimeUnixNano":"1744296129828488269","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"2"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"a96922b7d4c5ee7a","parentSpanId":"2ea99282bb90948e","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296129832394737","endTimeUnixNano":"1744296129837932672","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"2ea99282bb90948e","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296129830183977","endTimeUnixNano":"1744296129838425052","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"3"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"0847f65851ce9c4c","parentSpanId":"e276dfe0c1ff2f22","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296129838484599","endTimeUnixNano":"1744296129839339262","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"3"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"4d44c092644a0afc","parentSpanId":"e276dfe0c1ff2f22","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296129839607462","endTimeUnixNano":"1744296129905757155","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"3"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"c5b9a17df4e5ef4a","parentSpanId":"49c50f3c06b6bb96","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296129906718595","endTimeUnixNano":"1744296129911547443","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"49c50f3c06b6bb96","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296129905843110","endTimeUnixNano":"1744296129912222843","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"3"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"3d940c9a9759637e","parentSpanId":"f58a23584beb15b3","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296129916348529","endTimeUnixNano":"1744296129921965137","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"f58a23584beb15b3","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296129913961555","endTimeUnixNano":"1744296129922515180","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"4"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"05edcbba30a96928","parentSpanId":"e276dfe0c1ff2f22","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296129922574865","endTimeUnixNano":"1744296129923380589","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"4"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"4abe27252b07358d","parentSpanId":"e276dfe0c1ff2f22","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296129923678184","endTimeUnixNano":"1744296129989643044","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"4"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"68eac69f7e061424","parentSpanId":"41903a8a1e64f4cc","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296129990517627","endTimeUnixNano":"1744296129995115364","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"41903a8a1e64f4cc","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296129989726995","endTimeUnixNano":"1744296129995754334","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"4"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"53c5ad1f7e85f5a4","parentSpanId":"d32222afe2b25907","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296129999622379","endTimeUnixNano":"1744296130004782482","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"d32222afe2b25907","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296129997395635","endTimeUnixNano":"1744296130005287428","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"5"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"698731c8096034ee","parentSpanId":"e276dfe0c1ff2f22","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296130005345013","endTimeUnixNano":"1744296130006110876","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"5"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"c37b411090c72ec6","parentSpanId":"e276dfe0c1ff2f22","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296130006396530","endTimeUnixNano":"1744296130076287609","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"5"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"e44327d329c5af1d","parentSpanId":"cf11db6b2333d6db","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130077199672","endTimeUnixNano":"1744296130083803404","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"cf11db6b2333d6db","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296130076381438","endTimeUnixNano":"1744296130084495626","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"5"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"d53a29a7993989c9","parentSpanId":"d4b207c39aac2374","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130088477779","endTimeUnixNano":"1744296130093986390","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"d4b207c39aac2374","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296130086242948","endTimeUnixNano":"1744296130094497251","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"6"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"b597f8205f2807d9","parentSpanId":"e276dfe0c1ff2f22","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296130094554946","endTimeUnixNano":"1744296130095344802","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"6"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"1eba5f0a8727b9f4","parentSpanId":"e276dfe0c1ff2f22","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296130095641226","endTimeUnixNano":"1744296130163512289","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"6"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"e6abed32d597042b","parentSpanId":"1786db2bac6f42eb","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130164385405","endTimeUnixNano":"1744296130169075838","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"1786db2bac6f42eb","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296130163592712","endTimeUnixNano":"1744296130169716706","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"6"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"5c64fd10ed1436fc","parentSpanId":"24afa125ec279c05","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130173584046","endTimeUnixNano":"1744296130179054977","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"24afa125ec279c05","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296130171352247","endTimeUnixNano":"1744296130179563778","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"7"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"639c5ad5e2d56afc","parentSpanId":"e276dfe0c1ff2f22","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296130179623326","endTimeUnixNano":"1744296130180434803","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"7"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"f34e39c53b7d8c86","parentSpanId":"e276dfe0c1ff2f22","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296130180710052","endTimeUnixNano":"1744296130246009978","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"7"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"4346023774b9ec52","parentSpanId":"b6f413e704e29b77","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130246881059","endTimeUnixNano":"1744296130251463598","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"b6f413e704e29b77","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296130246093843","endTimeUnixNano":"1744296130252083530","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"7"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"abea2ca427bbe33f","parentSpanId":"ed0e91473624a3dc","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130255978209","endTimeUnixNano":"1744296130261459992","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"ed0e91473624a3dc","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296130253775352","endTimeUnixNano":"1744296130261957353","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"8"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"d94db436839ae4c7","parentSpanId":"e276dfe0c1ff2f22","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296130262019289","endTimeUnixNano":"1744296130262918367","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"8"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"2e1a19dd22473564","parentSpanId":"e276dfe0c1ff2f22","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296130263202982","endTimeUnixNano":"1744296130329108157","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"8"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"0506209d5861f707","parentSpanId":"29fbce82070bbdd9","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130330062280","endTimeUnixNano":"1744296130334746242","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"29fbce82070bbdd9","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296130329199115","endTimeUnixNano":"1744296130335434159","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"8"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"14bf123930fc4166","parentSpanId":"bda37ea73fe787ba","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130339325290","endTimeUnixNano":"1744296130344680498","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"bda37ea73fe787ba","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296130337111150","endTimeUnixNano":"1744296130345174355","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"9"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"e352e262e69266cb","parentSpanId":"e276dfe0c1ff2f22","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296130345232114","endTimeUnixNano":"1744296130345998794","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"9"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"c168bcb1a9e0427d","parentSpanId":"e276dfe0c1ff2f22","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296130346281403","endTimeUnixNano":"1744296130419788201","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"9"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"51886e061ef5c4f9","parentSpanId":"e72c59de829c2e44","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130420692270","endTimeUnixNano":"1744296130427784319","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"e72c59de829c2e44","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296130419877336","endTimeUnixNano":"1744296130428473555","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"9"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"7fb684d3063d73c7","parentSpanId":"9dd04d910ec82870","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130432522024","endTimeUnixNano":"1744296130438750301","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"9dd04d910ec82870","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_apply","kind":1,"startTimeUnixNano":"1744296130430212780","endTimeUnixNano":"1744296130439276891","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"8e03ecc4a983035e","parentSpanId":"e276dfe0c1ff2f22","name":"structured_position_evaluation","kind":1,"startTimeUnixNano":"1744296130439348209","endTimeUnixNano":"1744296130440561522","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"029d9ce7b6512a13","parentSpanId":"e276dfe0c1ff2f22","name":"position_evaluation","kind":1,"startTimeUnixNano":"1744296130440851480","endTimeUnixNano":"1744296130506383571","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"289e093eb4910a67","parentSpanId":"b2d9725b4f39c9c9","name":"scenario_reaction","kind":1,"startTimeUnixNano":"1744296130507268631","endTimeUnixNano":"1744296130511892116","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"b2d9725b4f39c9c9","parentSpanId":"e276dfe0c1ff2f22","name":"scenario_restore","kind":1,"startTimeUnixNano":"1744296130506468587","endTimeUnixNano":"1744296130512543408","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"e276dfe0c1ff2f22","parentSpanId":"4c8da45757b1ea2a","name":"scenario_all_apply","kind":1,"startTimeUnixNano":"1744296129657492038","endTimeUnixNano":"1744296130513460526","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_scenario_nb","value":{"stringValue":"10"}}],"status":{}},{"traceId":"e0d25217dd28e57d2db07e06d690428f","spanId":"4c8da45757b1ea2a","parentSpanId":"dbd5a3ed4854e73f","name":"fullreval_task","kind":1,"startTimeUnixNano":"1744296126596384480","endTimeUnixNano":"1744296130515095708","attributes":[{"key":"market_risk_span","value":{"stringValue":"true"}},{"key":"mr_batchId","value":{"stringValue":"58"}},{"key":"mr_batchType","value":{"stringValue":"Full Revaluation"}},{"key":"mr_bucketName","value":{"stringValue":""}},{"key":"mr_jobDomain","value":{"stringValue":"Market Risk"}},{"key":"mr_jobId","value":{"stringValue":"CONSO_ABAQ | 31/03/2016 | 12"}},{"key":"mr_strategy","value":{"stringValue":"typo_Non Deliv. Xccy Swap"}},{"key":"mr_uuid","value":{"stringValue":"f6035cef-e661-49bd-8b4c-d8d09da06822"}},{"key":"mrb_batch_affinity","value":{"stringValue":"CONSO_ABAQ_run_Batch|CONSO_ABAQ|2016/03/31|12_FullReval0_00058"}},{"key":"mr_batch_compute_cpu_time","value":{"doubleValue":0.8687239999999999}},{"key":"mr_batch_compute_time","value":{"doubleValue":0.907}},{"key":"mr_batch_load_cpu_time","value":{"doubleValue":2.257638}},{"key":"mr_batch_load_time","value":{"doubleValue":2.955}},{"key":"mr_batch_status","value":{"stringValue":"OK"}},{"key":"mr_batch_total_cpu_time","value":{"doubleValue":3.1801}},{"key":"mr_batch_total_time","value":{"doubleValue":3.917}}],"status":{}}]}]}]}  
@richgalloway according to you what will be the best approach for us? Ours is Splunk enterprise and our Splunk instances residing on AWS cloud. Azure team confirmed that pushing is not possible. 
@livehybrid  Splunk enterprise not Splunk Cloud.
@livehybrid's answer is a good one. In general, HEC cannot pull data from any source.  It is merely a receiver for data pushed to Splunk.
Hi @tech_g706   I think the first thing you need to establish is whether you are able to connect to Netskope from your HF on premise. Then also check your internal logs to see if there were any err... See more...
Hi @tech_g706   I think the first thing you need to establish is whether you are able to connect to Netskope from your HF on premise. Then also check your internal logs to see if there were any errors around the collection of these events. If it looks like the events are collecting then you need to work out why the data is not sending from that forwarder to your indexers.  Did this answer help you? If so, please consider: Adding karma to show it was useful Marking it as the solution if it resolved your issue Commenting if you need any clarification Your feedback encourages the volunteers in this community to continue contributing
Hi @danielbb , I don't know very well this app, but usually GUI interface is disabled on Indexers, so why to install it on Indexers? Ciao. Giuseppe
Hi @danielbb  According to the docs - "This app should be installed on all Search Head type of components. (Search Heads, Search Head Clusters, Inputs Data Managers). No direct installation on index... See more...
Hi @danielbb  According to the docs - "This app should be installed on all Search Head type of components. (Search Heads, Search Head Clusters, Inputs Data Managers). No direct installation on indexers is required." Note - you cannot run btool using Admins Little Helper against HFs as it will only run against servers which you can search against.  Did this answer help you? If so, please consider: Adding karma to show it was useful Marking it as the solution if it resolved your issue Commenting if you need any clarification Your feedback encourages the volunteers in this community to continue contributing
Thank you @PickleRick, it was a confusion about the app where the collection and the definition exist. 
I wonder if  I need to install the app on the distinct components in order to view the btool results across the implementation, I assume I have to install it on each components and I just want to ver... See more...
I wonder if  I need to install the app on the distinct components in order to view the btool results across the implementation, I assume I have to install it on each components and I just want to verify. 
Hi @splunklearner  The docs state "As a general rule, Data Manager is the recommended method of data ingestion for Splunk Cloud customers for supported data sources where available" Are you using Sp... See more...
Hi @splunklearner  The docs state "As a general rule, Data Manager is the recommended method of data ingestion for Splunk Cloud customers for supported data sources where available" Are you using Splunk Cloud? Its also worth checking the following Lantern docs https://lantern.splunk.com/Data_Descriptors/Microsoft/Getting_started_with_Microsoft_Azure_Event_Hub_data as an alternative - this uses Splunk Add-on for Microsoft Cloud Services which you've already referrenced. Either of these options are good contenders. Alternatively there is a third option, which is to use HEC and Azure Functions to push the data. Check out https://github.com/splunk/azure-functions-splunk/blob/master/event-hubs-hec/README.md for more information around this.  Ultimately the best option for you depends on a number of factors - such as Cloud/Enterprise but also if you have the engineering support for things like Azure Functions etc.  Did this answer help you? If so, please consider: Adding karma to show it was useful Marking it as the solution if it resolved your issue Commenting if you need any clarification Your feedback encourages the volunteers in this community to continue contributing  
How can we pull Azure event hub logs to Splunk? I check that we cannot use HEC configuration for pulling the data. When I was checking for apps, there are 3-4 apps present for this: but I have found ... See more...
How can we pull Azure event hub logs to Splunk? I check that we cannot use HEC configuration for pulling the data. When I was checking for apps, there are 3-4 apps present for this: but I have found most of them are not supported now and older version. I found this app - https://splunkbase.splunk.com/app/3110. Not sure how to configure this? Is there any other add-on or approach we can follow to pull event hubs Azure logs to Splunk? Any leads would be appreciated.  
Hi @agonmu , please open a new case, even if on the same topic, otherwise its difficoult to answer you. Ciao. Giuseppe