Also in A&I 08-03-2024 03:38:37.525 INFO ChunkedExternProcessor [25501 searchOrchestrator] - Running process: /opt/splunk/bin/python3.9 /opt/splunk/etc/apps/SA-IdentityManagement/bin/entitymerge_command.py 08-03-2024 03:38:37.845 ERROR ChunkedExternProcessor [25506 ChunkedExternProcessorStderrLogger] - stderr: (AttributeError) module 'time' has no attribute 'clock' I searched around and changed: vi /opt/splunk/etc/apps/SA-Utils/lib/SolnCommon/cexe.py Change time.clock to time.time ... View more

Example rex |rex ".*\"LastmodifiedBy\":\s\"(?<LastmodifiedBy>[^\"]+)\"" |rex ".*\"ModifiedDate\":\s\"(?<ModifiedDate>[^\"]+)\"" |rex ".*\"ComponentName\":\s\"(?<ComponentName>[^\"]+)\"" |rex ".*\"RecordId\":\s\"(?<RecordId>[^\"]+)\"" ... View more

I ended up disabling and un-accelerating un-needed saved searches (76 of them). In a local instance of savedsearches.conf: /opt/splunk/etc/deployment-apps/Splunk_CiscoSecuritySuite/local/savedsearches.conf [Cisco WSA - Web Request Metrics - Users with Multiple UAs] disabled = 1 auto_summarize = 0 . . . [Cisco IPS - GC - Top Attackers] disabled = 1 auto_summarize = 0 ... View more