Good afternoon all I want to be able to get alerted, through email, when the splunkd service on my heavy forwarders does not start after 3 attempts to start the service (using the bash script and cron schedule at the link below) but how would I go about using sendmail in order to create the alert? https://www.digitalocean.com/community/tutorials/how-to-use-a-simple-bash-script-to-restart-server-programs ... View more

Environment: Splunk Enterprise version: 7.2.1 Two search heads (one is a master). Six heavy forwarders. Three indexers. One deployment server. I created a new index and deployed it out to the peers (indexers), installed the Mimecast for Splunk app on the search head, then worked with Mimecast to get data in to the app (which I can see since it's saying "parsed X amount of logs" in the troubleshooting section of the app), but the dashboards are not displaying anything. Where did I go wrong ya'll think? Thanks. ... View more