hi is anybody could give me a search to calculate the _indextime average for my events once it's done, what i have to do in the cron parameters of my alert to take into account this metric? thanks ... View more

Hi     <search> <query>index=* EventCode=25753 | stats count(EventCode) as toto | append [| search index=* EventCode=* | stats count(EventCode) as toto2]</query> <earliest>-7d@h</earliest> <latest>now</latest> <done> <condition> <set token="NbHost">$result.toto$</set> <set token="NbHost2">$result.toto2$</set> </condition> </done> </search> <option name="drilldown">none</option> <option name="underLabel">$NbHost$ / $NbHost2$</option>   I dont succeed to display the NbHost2 value under my single panel what is wrong please?     ... View more

hi i try to use a table icon viz like below in the static folder i have put the "table_icons_rangemap.js" and the 'table_decorations.css" files I call these file in my xml like this : <dashboard version="1.1" script="table_icons_rangemap.js" stylesheet="table_decorations.css"> when I run the dashboard nothing happens  I just have severe, high instead an icon I use 9..1.0.1 Splunk Enterprise version is anybody cant help please?? thanks   ... View more

Hi I want to inventory all Splunk tools related to artificial intelligence and observability Here is the list: Splunk AI Assistant - PREVIEW (formerly SPL Copilot) Splunk Machine Learning Toolkit (MLTK) Splunk App for Data Science and Deep Learning (DSDL) Splunk IT Service Intelligence Splunk App for Anomaly Detection Did I forget some tools? Thanks ... View more

Hi I use a splunk alert with a 24 hours slottime what is strange is that this alert show me an event older than 24 hours so I have 2 questiosn 1) How is it possible that an alert occurs with an event outside the slot time specified? 2) How to customize the alert for being sure that it shows only new events and not events already shown?  It means that I need the alert occurs just one time when an event is detected thanks ... View more