I am replying to a very old thread, but for members who will face this issue in future, below is the correct way:
[general]
serverName =
pass4SymmKey =
site = site(0|1|2)
[clustering]
manager_uri = https://xxxx:8089
mode = searchhead
pass4SymmKey =
multisite = true
Hello @random_event, it pulls whatever you have at that endpoint for all time. For example, if you want to know all the KOs belonging to x person, you can filter it and see all the enabled and disabled KOs belonging to x.
Hey,
1. You can try your login password, as it seems Splunk is taking SSO sign-in.
2. If that doesn't work, you can create an AD account and get the necessary Splunk access for that account.
Hey @jadengoho, this is due to an access issue. After creating the token/Tenant ID, that token requires the read permission of the API graph. Below is the Excel sheet you can refer to and ask the AD team to provide the read access to the token. https://docs.google.com/spreadsheets/d/1YJAqNmcXZU-7O9CxVKupOkR6q2S8TXriMeLAUMYmMs4/edit#gid=0 One last thing: if all the permissions are up to the mark, check if the proxy is configured.
Hi @Shadolu,
[<spec>]
TIME_PREFIX = Timestamp --change as per your raw data
MAX_TIMESTAMP_LOOKAHEAD = 21
TIME_FORMAT = write regex as per your data, if timestamp is start of your event[%Y-%m-%d %H:%M:%S.%Z]
Yes, this is possible; you have to change the parameters in the props.conf file. Let's say you have data coming in the xyz sourcetype; you have to add the above parameters.
Hello @xinyizhang,
1. As a prerequisite to connect Tableau with Splunk, download the Splunk ODBC connector from Splunkbase (https://splunkbase.splunk.com/app/1606/).
2. Log in to Tableau. On the right side, click on Connect; you will see a form pop up for the Splunk creds.
3. Add the details: Server as splunkXXX.xx.xx., Port will be 443.
4. The user should have access to the Splunk URL.
5. Once the connection is successful, you can see all the reports as a table in Tableau.
There is a command, multikv; it works for tabled data like we get from Unix/Linux machines:
index=foo host=abc* sourcetype=vmstat | bucket _time span=5m | multikv fields | stats avg(memUsedPct) as MemoryUsed by host
Hi Folks,
Hope you are well!!
We want to password-protect the Splunk reports when delivering them to users' mailboxes so that only users who have the key can access them. Can we do it in Splunk, or do we have any Splunkbase application for this?
Hi All,
Can you please help me to extract the fields and related data from vmstat logs which are coming into Splunk? Below are the log lines:
memTotalMB memFreeMB memUsedMB memFreePct memUsedPct pgPageOut swapUsedPct pgSwapOut cSwitches interrupts forks processes threads loadAvg1mi waitThreads interrupts_PS pgPageIn_PS pgPageOut_PS
7000 xx8 xxx5 9.4 90.6 1561978416 100.0 85616943 4002987866 3965557908 66831877 250 3251 11.04 9.04 27902.02 48.24 2132.66