I want to say the minimal license was 250mb. But at any rate, I believe you can match your current license. Our current ITSI license matches our Splunk Cloud license.
Thank you!
What's funny is I put in several support tickets as well as worked directly with our Splunk reps and their support engineer and I lie to you not! Not one of them knew how to do this.
Now I know ITSI isn't as popular or well accepted as Enterprise Security, but what has happened is it's bled all real support to their money maker, and us ITSI folks have a much smaller support group and knowledge base.
There is a huge knowledge gap at Splunk and in general of the Splunk ninja masters vs people who copy stuff off Splunkbase to survive each and every day. This seems like it should have been promoted along with ITSI.
Why they don't have these apps available as a part of the configuration bundle, like they did with the universal forwarder install asking if you want to install the Windows module during setup (they're giving you options, people like options!), where you can, say, select a check box for SQL, VMware etc. if you're monitoring those types of devices or logs, is beyond me. It's stupid to have a product that ships in a fashion where it won't work without a great deal of other apps of knowledge and configuration... Installing this in a search head cluster and indexer cluster is of no smaller effort, seeing how you have got to make sure you identify all your TAs or apps across your enterprise... adding space and configuration load.
This has been my toughest challenge yet but I'm thankful
If you are on *nix, then you might be able to edit /etc/init.d/splunk.
I suspect if you run 'splunk enable boot-start' you will overwrite your changes though. But in there you could add your script to splunk_start() and splunk_restart().
Yes, I was missing the TA on the search head even though it was installed on the remote hosts.
Sort of misleading, since when you install the TA it says in big red letters (do not install on non *nix).
Hi, YES it is possible to do in ITSI.
When you said you're gonna use a base search in a regular dashboard, use the same search in ITSI without using stats, timechart, chart, table etc. and select the aggregation values which ITSI provides, and select the field which you want to have thresholds on in the thresholds field, and then you should be good to go. BUT don't forget to have your entities (host, IP etc.) in your entities tab.