| tstats count WHERE index=_internal _index_earliest=-1h _index_latest=now

Just set your time range for the search to be greater than the expected delay:
* earliest_time = -1d@d
* latest_time = +60d@d
...
Had a hard time debugging that one. It only works if your SPL code with subquery return is in a dashboard "base search".
<dashboard>
<label>My dashboard title</label>
<search id="parent_search_1">
<query>``` put your query here with your subquery return $ ```</query>
</search>
<row>
<panel>
<table>
<title>My child visualization</title>
<search base="parent_search_1">
<query>``` have the rest of your query there ```</query>
...
Splunk 8.x.x here. Profiling settings did block my apply bundle command.
/opt/splunk/bin/splunk apply cluster-bundle
Encountered some errors while applying the bundle.
Cannot apply (or) validate configuration settings. Bundle validation is in progress.
/opt/splunk/bin/splunk show cluster-bundle
...
<bundle_validation_errors on master>
...
This command did the trick:
curl -k -u admin https://CLUSTER_MASTER_IP:8089/services/cluster/master/control/default/cancel_bundle_push -X POST
And I could edit and apply the bundle afterwards.
...
Hi MonkeyK,
to my understanding of that datamodel, Authentication is ONLY for the authentication process, not for monitoring the underlying session and thus will only show login events and only has two meaningful action states: "success" and "failure". Check the Network_Session datamodel to track your sessions and use the "start" and "end" tags to mark session login and logoff respectively.
Oliver
...