All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Posts

Hello All, We’re recently encountering an issue when editing a classic dashboard in Splunk. Whenever we try to edit a dashboard containing a "mailto" protocol, we receive the following error: Use... See more...
Hello All, We’re recently encountering an issue when editing a classic dashboard in Splunk. Whenever we try to edit a dashboard containing a "mailto" protocol, we receive the following error: Uses scheme: "mailto", but the only acceptable schemes are: {"https", "http"} However, dashboards without the "mailto" protocol are working fine and we are able to edit them without any issues. Has anyone experienced this before? Is there a known solution or workaround to bypass or resolve this issue, allowing us to edit dashboards that include the "mailto" protocol? would appreciate any guidance or suggestions. Thanks in advance! I
Sorry, I don’t know why it’s not available in the trial. It could be that the trial version is a lower than production version which is why it’s not displaying for you.?
Hi @Ankur.Sharma, Thanks for checking out the Community. Given how old this post is, it may not get a reply. If the community does not jump in soon, you can reach out to AppDynamics Support: How do... See more...
Hi @Ankur.Sharma, Thanks for checking out the Community. Given how old this post is, it may not get a reply. If the community does not jump in soon, you can reach out to AppDynamics Support: How do I open a case with AppDynamics Support? 
Also... INDEXED_EXTRACTIONS uses up disk space... so I almost never use it 
Thank you @gcusello. Our Proofpoint account manager said the following -  "There is an API but no mail flow API so Splunk wouldn't have anything on the Essentials side. Enterprise side - Remote Sysl... See more...
Thank you @gcusello. Our Proofpoint account manager said the following -  "There is an API but no mail flow API so Splunk wouldn't have anything on the Essentials side. Enterprise side - Remote Syslog gets them all sorts of mail flow details!  Having said that, the only way to get an integration with Splunk would be to upgrade from Essentials to our Enterprise email." Is there a way to get the Proofpoint data without an upgrade?
Hi @Kenny_splunk  other people will still be able to reply but the one accepted will be at the top to allow others to see it easily if they come across the same questions.  Thanks! will
LOL/SOB I really wish there was more compliance around CIM, especially for these TAs built by big industry types... but yes...self-CIM
I don't think you actually want to remove "ALL" from the multi-select...it makes it so people can go back to the default when they are done with whatever choice they made originally.  I would say if ... See more...
I don't think you actually want to remove "ALL" from the multi-select...it makes it so people can go back to the default when they are done with whatever choice they made originally.  I would say if you don't want people to go back to the default...then maybe you don't it there at all in the first place?  Or maybe you don't actually want a multi-select but just a regular drop-down list?  But it seems to me if you want it there in the first place, you actually want it there always so people can revert back to the default behavior of the dashboard when they are done messing around  (IMO).
Here is my existing multiselect XML.. <input type="multiselect" token="app_name"> <label>Application Name</label> <choice value="*">All</choice> <default>*</default> <initialValue>*</initialValu... See more...
Here is my existing multiselect XML.. <input type="multiselect" token="app_name"> <label>Application Name</label> <choice value="*">All</choice> <default>*</default> <initialValue>*</initialValue> <fieldForLabel>app_name</fieldForLabel> <fieldForValue>app_name</fieldForValue>   <search base="base_search"> <query> |stats count by app_name </query> </search> <valuePrefix>app_name="</valuePrefix> <valueSuffix>"</valueSuffix> <delimiter> OR </delimiter> </input>
@ITWhisperer thanks for the reply. Where I need to give this input? In my existing multiselect input?
I just removed complete kvstore folder from "/opt/splunk/var/lib/splunk/" after taking the backup and restart the splunk services.
Please provide more detail as to what you are trying to do and what you have already tried.
You can do this without javascript - here is a SimpleXML example <input type="multiselect" token="alloptions" searchWhenChanged="true"> <label>Options $alloptions$</label> <choice va... See more...
You can do this without javascript - here is a SimpleXML example <input type="multiselect" token="alloptions" searchWhenChanged="true"> <label>Options $alloptions$</label> <choice value="All">All</choice> <search> <query> | makeresults count=20 | streamstats count as row | eval option="Option ".mvindex(split("ABCDEFGHIJKLMNOPQRSTUVWXYZ",""),row-1) | eval label="Option ".mvindex(split("abcdefghijklmnopqrstuvwxyz",""),row-1) | table option label </query> </search> <fieldForLabel>label</fieldForLabel> <fieldForValue>option</fieldForValue> <delimiter>,</delimiter> <change> <eval token="form.alloptions">case(mvcount('form.alloptions')=0,"All",mvcount('form.alloptions')&gt;1 AND mvfind('form.alloptions',"All")&gt;0,"All",mvcount('form.alloptions')&gt;1 AND mvfind('form.alloptions',"All")=0,mvfilter('form.alloptions'!="All"),1==1,'form.alloptions')</eval> </change> </input>  
Hi @emkenick , could you share your search in the multiselect? Ciao. Giuseppe
In which component ( I mean deployer or direct search head) I need to give this JS? can you please specify full path?
Where I need to keep this JS? In dashboard or in any path? 
I opened a support ticket, and they discovered that my Okta/SAML/SSO had a "role" (for my SH (search head)) that was not present on my DS or HF (it wasn't necessary).  However, my account was inherit... See more...
I opened a support ticket, and they discovered that my Okta/SAML/SSO had a "role" (for my SH (search head)) that was not present on my DS or HF (it wasn't necessary).  However, my account was inheriting the "admin" role so IMO it shouldn't have mattered.  I added the "role" to my HF and DS and was able to proceed.   But then...it happened again in another part of the UI.  I opened another support ticket and the advice was not to use Add-On Builder in a distributed environment...which didn't make sense, what would having a distributed environment have to do with it?   What Add-On Builder does not like, I suspect, is basically any instance of Splunk with "roles" associated to accounts that are not the local/default admin and ONLY the local/default admin. I deployed a stand-alone, local, Enterprise instance on my laptop NOT integrated with Okta/SAML/SSO and everything works fine...so that is the solution 
Essentially you need to create the following in a allSelect.js file in appname/appserver/static:   require([ 'jquery', 'splunkjs/mvc', 'splunkjs/mvc/simplexml/ready!' ], function($,... See more...
Essentially you need to create the following in a allSelect.js file in appname/appserver/static:   require([ 'jquery', 'splunkjs/mvc', 'splunkjs/mvc/simplexml/ready!' ], function($, mvc){ $('#multi').on("change",function(){ var multi1 = mvc.Components.get("multi"); var tokens = mvc.Components.getInstance("default"); var mytoken = tokens.get("multi") if (mytoken.length > 1 && mytoken.includes("All")) { // If "All" was selected before current (more specific) selection, remove it from list if (indexOfAll == 0) { var temp = mytoken.split(" ") var temp1 = temp[1] multi1.val(temp1); } else { // "All" was selected last, clear input and leave only "All" in it multi1.val("All"); } } }); });   Then update the first line of your dashboard to something like this: <form script="allSelect.js">  
Hi @marycordova  When you navigate to the UI, try opening DevTools/Console (this depends per browser) and have a look at the console when you load the Add-on builder UI - are there any errors or 4xx... See more...
Hi @marycordova  When you navigate to the UI, try opening DevTools/Console (this depends per browser) and have a look at the console when you load the Add-on builder UI - are there any errors or 4xx/5xx errors in there? This might help point to why it isnt loading correctly. Let us know if you see any errors and can try and help further. Regards Will
I've installed the Splunk Add-On Builder but the UI is blank/won't load...I've tried installing on my HF (Heavy Forwarder) and my DS (Deployment Server) (HF is under a lot of load) but still the prob... See more...
I've installed the Splunk Add-On Builder but the UI is blank/won't load...I've tried installing on my HF (Heavy Forwarder) and my DS (Deployment Server) (HF is under a lot of load) but still the problem persists.