I configured WLM my v7.2.6 standalone installation. About saved searches, description of assignment is found in the docs. https://docs.splunk.com/Documentation/Splunk/7.2.6/Workloads/Useworkloadmanagement On the other hand, about embedded searches in dashbaords, can we control workload with pools? ... View more

We plan to create Splunk pre-installed virtual machine (VM) templates for internal use. We have assumed the following points should be taken steps with Splunk VM templates. Use hostname or FQDN in conf files instead of IP address directory. Separate credentials and apply them after VM instantiation. default auth method, SSL/TLS certs, keys for clustering (e.g. pass4SymmKey) Allocate enough (dedicated) resources for VMs. https://www.splunk.com/web_assets/pdfs/secure/Splunk_and_VMware_VMs_Tech_Brief.pdf Does someone have any other ideas or points to notine for VM templates? In a view point of DevOps, templates should be minimize like pure-OS, Splunk or other applications should be installed and configured via provisioning tools (Ansible, Chef, Puppet, Salt Stack, ...) after launch of VMs. ... View more

I create a simple dashboard and put a text field (token: field1) and a panel with shows result search query. <form> <fieldset submitButton="false"> <input type="text" token="field1" searchWhenChanged="true"> <label>field1</label> <default>*</default> </input> </fieldset> <row> <panel> <event> <search> <query>index=main "$field1$"</query> </search> </event> </panel> </row> </form> If user input the following keyword in the field " OR index=_internal earliest=-365d@d sourcetype="* (it should start with an orphaned double quote and end with an asterisk), the dashboard displayed the result from _internal log. Does someone have any idea to prevent SPL injections? ... View more

I use Machine Learning Toolkit 2.0.0 with Splunk Enterprise 6.5, and found implementations of algorithms in SPLUNK_HOME/etc/apps/Splunk_ML_Toolkit/bin/algos Only SGDClassifier, SGDRegressor, and SpectralClustering algorithms, data will be scaled with StandardScaler before calculation. It seems that the other algorithms (e.g. LenearRegression) do not scale data. Is scaling unnecessary with Splunk/Machine Learning Toolkit? If required, how do we standardize data before calculation? Scikit-learn notes "Standardization of datasets is a common requirement for many machine learning estimators". http://scikit-learn.org/stable/modules/preprocessing.html ... View more