This is the original link.  Anyone know where this has been moved to? http://wiki.splunk.com/Where_do_I_configure_my_Splunk_settings%3F It describes all of the props.conf attributes and which tier they are applicable to.

Upgraded to Splunk 9.0.1 from Splunk 8.2.1 MS-Windows AD Objects received the dashboard error, upgraded to MS-Windows AD Objects 4.1.1 which claims to be compatible with 9.0. But even after upgrading the same error persists. Does MS-Windows AD Objects use jQuery 3.5, does 9.0.1 not work with it or am I spinning my wheels trying to make this thing work? Have the same issue with other apps but figured I would start here. Looked through the boards found stuff on jquery 3.5 but nothing specific to AD objects 4.1.1.  Seems like most things work with the App it just always throws the error? Also tried the " clone the dashboard in the new studio option", no joy there.  Any help is appreciated   

I want to use the map command to add the total event times for each day during the time interval from 6am-6pm. For each day.... the "earliest" token in my map command = start of each day+6hours (Start1) the "latest" token in my map command = start of each day+18 hours(End 1) Using the tokens I use the map command to search over my set Splunk search timeframe. In my map command...    1. For each day, I subtract each events  Endtime from its starttime = Diff    2. To get the total event time for each day, I sum the time differences (sum(diff)) to get  the "total_time_of_events"    3. Next I take the info_max_time - info_min_time for each search (for each earliest and latest token searches) to get the time value for each 12 hour day. 4.  Finally I divide the total_event_time by the (search_time_span*100) for each search to get the total time percentage of events being pulled into Splunk by day YET it is not working!! My search returns "No results found". May I please have help? What am I doing wrong? CODE: |table BLANK hour date_mday date_month date_year |bin span=1d _time |eval Month=case(date_month="august","8") |eval Start=Month+"/"+date_mday+"/"+date_year |eval start= strptime(Start,"%m/%d/%y") |eval Start1=start+21600 |eval End1=start+64800 |map search="search (index...) earliest=$Start1$ latest=$End1$ |bin span=1d _time|dedup _time |eval timeend=strptime(DateEnd,\"%m/%d%Y %I:%M:%S %p\") |eval timestart=strptime(DateStart,\"%m/%d/%Y %I:%M:%S %p\") |eval diff=round(timeend-timestart)|stats sum(diff) as total_time_of_events by BLANK |addinfo |eval IntTime= info_max_time-info_min_time |eval prcntUsed=round((total_time_of_events/(IntTime))*100) |rename prcntUsed as Percent_of_event_time"

Hello, Data in CyberArk comes through the Syslog Server and CyberArk TA needs to be installed into Search head (or search head cluster) based on the SPLUNK web site (https://docs.splunk.com/Documentation/AddOns/released/CyberArk/Installation). I installed this TA directly into the Syslog server, but not working as expected. How I would configure, Syslog, SHC, and CyberArk? Any help would be highly appreciated. Thank you!