Dear all, I think I have a working python script that will update `searchableDays` of multiple indexes (over 200). The script will loop through a CSV file that contains all the indexes name. I tested it to one and it worked. The `response.reason` was "202 Accepted". It did not return any link/URL or anything that will tell me if the process has completed...sort of "status" where I can request.get over-and-over until it says the change has completed. If Splunk ACS doesn't provide this, can I simply throw all the request.patch for all 200+ indexes? Will the SplunkCloud server be able to handle that (asynchronously)? Or is there a better way of doing this, i.e.: // PSUEDO CODE // setup splunk_api_url, mystack, header, PAYLOAD, etc for each row in CSV: idx = row.value url = splunk_api_url/mystack/adminconfig/v2/indexes/ + idx response = request.patch(url, header,  json=PAYLOAD) // here, wait for the update to complete before moving on to the next index   Thanks in advance! ... View more

Question in the title. Thanks in advance! ... View more

Do you happen to know if Cisco Meraki syslog, especially Flows and URLs have bytes in and bytes out? We're logging Meraki and there's no field whatsoever for bytes. Is it something that can be configured from Meraki logger console? Or the actual solution itself don't record that? ... View more

Has anybody encountered Windows Security logs that look like this? If so, how did you guys fix it?  Thanks in advance. ... View more

Has anyone experienced this kind of broken UI on Dashboard Studio? I've tried to restart Splunk but it's still happening. ... View more

Working on a SplunkCloud environment - we always keep things tidy by re-assigning ownership of KOs to either Nobody or the correct user with correct role. But why can't we do this for Calculated Fields? ... View more

Hi Linux Experts! Need help on a script that I'm working on to log sudo-enabled users. The script that I'm using is below   #!/bin/sh getent passwd | cut -f1 -d: | xargs -L1 sudo -l -U | grep -v 'not allowed'   It is a `.sh` file that's ran once a day. The corresponding output is then parsed and massaged by some SEDCMD stuff, not relevant here. This way, I can see which users are able to perform sudo on the machine.  Note: I am aware of the `usersWithLoginPrivs.sh` but this includes users that I'm not interested.  Hence the custom script. If there's another solution you can share, that'd be great. But here's my PROBLEM: linux admins are complaining that they're getting messaged because `splunk` user that runs this script is generating messages for them. And they don't want to get the messages. So, they suggested to append this command at the end of the script:   > /dev/null 2>&1   which I did. However, it does not print output anymore for those Splunk UFs that previously were able to.  Yes, the main solution to this problem is to give `splunk` user permission to run the script. But due to the complexity of our organization, we can't request the same thing across the board.  So, basically, of the thousands of linux servers that we have some can run this script, some cannot. That's currently okay. But to those that cannot, I'd like to modify the script in such a way that it will still work the same but will not produce any error. Is there any alternative? ... View more