A dashboard which uses tabs.js and tabs.css worked all along and suddenly we get the error message -    A custom JavaScript error caused an issue loading your dashboard, likely due to the dashboard version update. See the developer console for more details.     What can it be?  

I am making custom Splunk command that looks to see if today a holiday and changes the threshold if it is. if it's a holiday, would I just use "if" command to change the threshold value. Current python code  # changing threshold value if today != us_holidays: int() >>> "123131241".isdigit() True  

We have data on a Splunk instance that needs to be retained for audit purposes. The new instance owner will not allow the old data to be ingested. What would be method to retain data for required time period without retaining old instance?

@douglashurdI had eStreamer Add-on v5.1.3 installed and believe the bytes-in/bytes-out and packets-in/packets-out are inverted. From cisco:firepower:syslog raw event - SrcIP: [Internet-IP], DstIP: [Firewall-IP], InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 54, ResponderBytes: 0 parsed fields - src_ip = [Internet-IP], dest_ip = [Firewall-IP], packets_received = 0, bytes_out = 54, From cisco:estreamer:data raw event - src_ip= [Internet-IP], dest_ip= [Firewall-IP], src_pkts=1, dst_pkts=0, src_bytes=54, dest_bytes=0 parsed fields - src_ip = [Internet-IP], dest_ip = [Firewall-IP], packets_in=1 , packets_out=0, bytes_in=54, bytes_out=0 As you can see in the parsed events, that the syslog event indicates 54 bytes sent outbound, while the eStreamer logs indicates the bytes are inbound. I believe the the raw logs in both cases indicate that the bytes were sent outbound, so I think the cisco:estreamer:data parser may be incorrect here. Thanks, Gord T.

Hi all, I am trying to extract threshold values I have defined for some BTs under an app. I can find API calls to get controller level settings, health rules, apps in a controller etc. but nothing like threshold settings (the ones that are used to classify a transaction as slow/very slow). Anyone aware of a solution for this? regards Philippe

Hi Splunk Experts, I have configured custom application on deployment server, however my linux universal forwarder is not appearing for App client config.  And also not appearing in forwarder management clients section  . On Linux Universal Forwarder,  config for the deployment  server and Communication also allowed between UF and DS server. However server is not appearing  Commands : splunk set deploy-poll 10.1.1.30:8086                          splunk restart    

I'm trying to do a search with a lookup table and can't seem to get the search to perform what I'm wanting. I have some data that produces a table output like below. _time user interesting 8/18/22 user1 a few words here   I have a lookup table with a list of words in it. The lookup table has a header of "Words" and a list of words separated by line feed. I would like to perform a search where I get back the sub results of the main search where a single word in my lookup matches anywhere in the interesting field. I got a partial match with the following search.   my search terms | lookup WordsLookup.csv Words as Interesting OUTPUT Words | table _time, user, Interesting, Words   In this case, it will return all results for my search terms and only a match where the Interesting field is EXACTLY the lookup of Words. I set WILDCARD(Words) in the lookup definition.   Help? Thanks

Hi All, I am new to Splunk and the SPL in general so I will try and explain as best I can.  I have been tasked to produce an UP/DOWN dashboard to show different Microsoft Cloud services and their statuses.  We are importing data from the Microsoft Service Health and can run searches on it.  I am able to find each service (Microsoft Teams, Exchange Online, SharePoint Online etc) and their current status (up or down).  Now I need to show this in a dashboard but my manager wants to group the services in categories like, Core services, Productivity and Cloud Apps so that if a person navigates tot he dashboard they can click a dropdown and select the category then those services are displayed  with their UP/DOWN status.   Any help would be much appreciated.

I have scheduled report which will give the result of hostname and some other details in the table format and now i need to use this schedule report to get the same output in my dashboard. The dashboard should not rerun everytime i open it.  For example: i have scheduled report which will run everyday at 00:00 and return the details in table format and the same details should be shown in dashboard untill the next schedule report runs. can anyone help how to work on this