08-22-2024
12:16 PM
Hello! Checking in August 22, 2024 -- still not able to edit permissions on multiple objects at once.
11-08-2023
02:55 PM
4 Karma
This is a really cavalier response to such a major change. It is not a simple task to 'update automation' in large organizations, where you also need to consider multiple legacy systems. As was mentioned above, Splunk has never officially supported the installation of both Enterprise and Forwarder on the same server, so who does this change benefit?
11-08-2023
02:43 PM
4 Karma
I am so glad I found this thread. You are completely spot on on everything you said. It is infuriating for us as admins and embarrassing for Splunk as a brand that such major changes are implemented in minor version releases with little to no notice or documentation. Absolutely ridiculous to change default behavior of installer in a minor release. Period.
11-02-2023
02:59 PM
Do you have any docs/references for point 2? >> With older versions of UF, it was run with Local System user by default. New versions use a user with a bit more "trimmed" permissions.
06-09-2023
01:01 PM
1 Karma
yeah... just be aware that the token will show up in any tool that logs web traffic, since it is just plaintext in the url
04-26-2023
07:39 AM
1 Karma
this is not fixed in 9.0.4
04-26-2023
07:38 AM
3 Karma
Honestly. Nearly 1 year later and 2 version revisions and every fresh UF install done on every server throws this out-of-the-box warning. Not at all impressed
04-26-2022
11:37 AM
I've been trying to find an _internal or _audit trail log event showing when a Splunk Diag was created on a given server but have been unable to find anything in those indexes nor any documentation around it... Often for troubleshooting case tickets with Splunk support it becomes important to know when a diag was created on a server in the context of the timeline of the issue. The goal we have is to simply timechart critical events, including diag generation, by server/host so we can visualize what happened in what order. Anyone have any experience with this?
Labels: diag, monitoring console
03-26-2021
07:28 AM
none of these answers solves the root problem -- particularly in scenarios where the text log contains a json blob with nested json structure. It is quite confusing that spath command is not available in props.conf -- using spath in search is not an option for things like SIEMs where parsing needs to be done 'automatically' in order to fit into given data models or to map for CIM compliance.
08-21-2019
10:01 AM
Hello,
Forgive me if this is a silly question but I thought it would be best to directly ask here. Salesforce recently announced they will be disabling TLS 1.1 support (https://help.salesforce.com/articleView?id=000321556&type=1&mode=1) in September / October.
Our Splunk instance supports teams currently pulling data from Salesforce using this addon. They are proactively concerned about whether this will have an impact on the functioning of this app. I did some searching for tls-related information in the app configs and scripts, but didn't find anything I recognize.
Advice greatly appreciated.
Thank you
06-13-2019
02:28 PM
1 Karma
While this works, it doesn't address the need of the OP. If you used a [default] stanza in an app that is shared globally, the LOOKUP would be applied to every single index & sourcetype -- which is no bueno.
07-24-2018
09:19 PM
I would be careful to convert to MB and round after sum'ing, not before
04-03-2018
06:51 PM
I am in a similar boat and I don't understand your answer... sorry
02-08-2018
08:15 AM
thanks, this was my problem too 🙂
01-08-2018
08:43 AM
Hi, I'm wondering if support is planned for Azure File Shares?
We have a file share that contains some csv files. We would like to 'monitor' these files with Splunk using a SAS token, the same way you can monitor a file in a storage blob container. (Mounting the file share is not a viable solution in this case, the environment is dynamic and SAS tokens are refreshed frequently).
Thank you
Labels: troubleshooting
01-05-2018
06:53 AM
A little late to answer your question, but the sparklines are rendering -- it's just that it's setting the min value to whatever the data's value is, which in this case is a constant -- so it 'draws' a null straight line.
Try adding something like this to the XML:
<option name="chartRangeMin">0</option>
11-21-2017
09:34 AM
Hello, I'd like to add my voice to this as I have the same concern as pkeller.
We don't have the luxury of setting SAS token expiry date 'far in the future' -- it needs to be less than 3 months. Our system is configured to generate a new SAS token one week before the current token expires.
pkeller's solution is a good idea --> If we can have two SAS tokens in each storage account config then when the first one expires/fails the second one will be attempted.
Another big concern is that we need to have a way to update SAS tokens without manually typing.
The Azure Monitor Add-on for Splunk, for instance, connects directly to a keyvault to retrieve SAS tokens -- this is a valuable feature.
11-21-2017
09:26 AM
This is a question for Microsoft/Azure team, not Splunk.
As far as I know, no -- it doesn't seem to be supported at this time.
11-10-2017
09:21 AM
2 Karma
Previous answer was a great initial template. I took a try at building upon it to add some functionality to the checkboxes. It depends on what your usecase is, but see below:
    var selected = []; // 'selected' is an array that contains the IDs of every checkbox that the user selects.

    // Delegated click handler: toggles the check icon and keeps 'selected' in sync.
    $(document).on('click', '.customcheck', function() {
        if ($(this).children("i").css("display") == "none") {
            // Do this if the box is going from unchecked to checked:
            $(this).children("i").css("display", "inline");
            selected.push($(this).children("i").prop("id"));
        } else {
            // Do this if the box is going from checked to unchecked:
            $(this).children("i").css("display", "none");
            var index = selected.indexOf($(this).children("i").prop("id"));
            if (index > -1) {
                selected.splice(index, 1);
            }
        }
    });

    require([
        "splunkjs/mvc",
        "splunkjs/mvc/utils",
        "splunkjs/mvc/tokenutils",
        "underscore",
        "jquery",
        "splunkjs/mvc/simplexml",
        "splunkjs/mvc/layoutview",
        "splunkjs/mvc/simplexml/dashboardview",
        "splunkjs/mvc/simplexml/dashboard/panelref",
        "splunkjs/mvc/simplexml/element/chart",
        "splunkjs/mvc/simplexml/element/event",
        "splunkjs/mvc/simplexml/element/html",
        "splunkjs/mvc/simplexml/element/list",
        "splunkjs/mvc/simplexml/element/map",
        "splunkjs/mvc/simplexml/element/single",
        "splunkjs/mvc/simplexml/element/table",
        "splunkjs/mvc/simplexml/element/visualization",
        "splunkjs/mvc/simpleform/formutils",
        "splunkjs/mvc/simplexml/eventhandler",
        "splunkjs/mvc/simplexml/searcheventhandler",
        "splunkjs/mvc/simpleform/input/dropdown",
        "splunkjs/mvc/simpleform/input/radiogroup",
        "splunkjs/mvc/simpleform/input/linklist",
        "splunkjs/mvc/simpleform/input/multiselect",
        "splunkjs/mvc/simpleform/input/checkboxgroup",
        "splunkjs/mvc/simpleform/input/text",
        "splunkjs/mvc/simpleform/input/timerange",
        "splunkjs/mvc/simpleform/input/submit",
        "splunkjs/mvc/searchmanager",
        "splunkjs/mvc/savedsearchmanager",
        "splunkjs/mvc/postprocessmanager",
        "splunkjs/mvc/simplexml/urltokenmodel",
        "splunkjs/mvc/tableview"
    ],
    function(
        mvc,
        utils,
        TokenUtils,
        _,
        $,
        DashboardController,
        LayoutView,
        Dashboard,
        PanelRef,
        ChartElement,
        EventElement,
        HtmlElement,
        ListElement,
        MapElement,
        SingleElement,
        TableElement,
        VisualizationElement,
        FormUtils,
        EventHandler,
        SearchEventHandler,
        DropdownInput,
        RadioGroupInput,
        LinkListInput,
        MultiSelectInput,
        CheckboxGroupInput,
        TextInput,
        TimeRangeInput,
        SubmitButton,
        SearchManager,
        SavedSearchManager,
        PostProcessManager,
        UrlTokenModel,
        TableView
    ) {
        var RangeMapIconRenderer = TableView.BaseCellRenderer.extend({
            canRender: function(cell) {
                // Only use the cell renderer for the Select field
                return (cell.field === 'Select');
            },
            render: function($td, cell) {
                if (cell.field === 'Select') {
                    //console.log("cellData: ", cell);
                    var cellvalue = cell.value;
                    // The value comes from search results, so HTML-escape it before it goes into
                    // the id attribute; the browser decodes it back, so prop("id") is unchanged.
                    var safeId = _.escape(cellvalue);
                    // This is to handle page changes. If the user selects a box, goes to next table page, then goes back, it rechecks that box to maintain history.
                    if (selected.includes(cellvalue)) {
                        $td.html('<label class="checkbox"><a href="#" data-name="splunk_web_service" class="btn customcheck"><i id="' + safeId + '" class="icon-check" style="display: inline;"></i></a></label>');
                    } else {
                        $td.html('<label class="checkbox"><a href="#" data-name="splunk_web_service" class="btn customcheck"><i id="' + safeId + '" class="icon-check" style="display: none;"></i></a></label>');
                    }
                }
            }
        });

        mvc.Components.get('tableid').getVisualization(function(tableView) {
            // Register custom cell renderer
            tableView.table.addCellRenderer(new RangeMapIconRenderer());
            // Force the table to re-render
            tableView.table.render();
        });
    });
In our case, the next step would be to add a submit button that would trigger something to happen based on the values stored in the 'selected' array.
11-01-2017
11:06 AM
Great detailed answer. I tend to simply throw relevant tokens into the title or subtitle bar of each panel while developing. Any tokens that aren't set should be obvious.
10-17-2017
11:09 AM
Some JavaScript intervention could be made to force the chart to redraw when tokens are updated. Wondering if this is the path you took.
08-16-2017
12:10 PM
Thanks for this! Having the same issue. Hopefully SIEM Connector will help us out too.