When a sourcetype is deprecated, is there somewhere I can look to understand why this action was taken? We currently make use of that sourcetype in the Splunk Add-on for Juniper v1.2.0. In doing some testing in our Splunk Dev environment, I found out the hard way that this was the case, as nothing parsed after that upgrade. What are customers to use, when that data and parsing is still needed?
I am working on the following which gives a more complete picture. Downloading to XLS and then turning on filtering allows you to easily see OS type, ForwarderType, Version, lastIndexer communicated with, etc.
index=_internal source=*metrics.log component=Metrics group=tcpin_connections
| dedup hostname
| table hostname, sourceIp, os, arch, fwdType, version, ssl, guid, lastIndexer, _time
| sort hostname
.conf2019 just around the corner ... any updates on getting .conf2018 data into this App? We have found this really useful and would love to just get it updated.