Is there an option to update the value of a specific field within a specific artifact? I was able to update using phantom update_artifact action or with a REST call, but when the field is updated i...
Let's say Splunk keeps the last job artifacts from an accelerated search which spans the last 7 days.
What's the simplest way to access the job equivalent to last Monday through the API?
...erform the same dashboard operations a person would, but using REST APIs instead.
The PDF export is important because it compiles information from multiple searches into a single artifact, as opposed t...
I'm working on calculating the storage space taken up by a specific user. I would like to calculate the total size of their search artifacts at any given time - we would like to see if they are h...
Hi,
For troubleshooting and alerting purposes, I would like to be able to monitor the number of current active artifact objects in the dispatch directory of our search heads ($SPLUNK_HOME/var/r...
Hi
I'm running REST queries to retrieve containers that need to be reprocessed in function of the values of some of their artifacts values. My approach is querying the artifacts REST endpoint in t...
...M,
which is obviously rewarding us with the famous "The number of search artifacts in the dispatch directory is higher than recommended"
Is it expected for these jobs TTL to be 24h? I was somehow e...
The following error appears
"The number of search artifacts in the dispatch directory is higher than recommended (count=5155, warning threshold=5000) and could have an impact on search performance....
I am experiencing this as a continuous notification in my environment: Search peer has the following message: The number of search artifacts in the dispatch directory is higher than r...
(Although this example will use Splunk's Lookup Editor app, it applies to custom REST commands in general.) I am using the Lookup Editor provided by Splunk from SplunkBase (authored by @L...