Does the error cause any other issues?  You have the data... sounds like the app works, it's just missing the conf.spec file or something.  I wouldn't worry too much about it if I were you, and I'm happy to add it to the bug list ... View more

Where does this error appear?  ... View more

If you're using server.pem in any of those config files then yes. ... View more

Auto mode only scans for certs that are in use in your default and local conf files that possibly contain links to pem files. that is to say, if you're using the cert in web, server, inputs, outputs,  Distsearch, conf files, the ssl checker app in auto mode, will discover you have specified a cert in one of those files and index its expiration date. ... View more

echo | openssl s_client -connect someserver:443 2>/dev/null | openssl x509 -noout -enddate ... View more

For the restor.sh, change splunkExePath to splunkBinPath everywhere you see it mentioned. ... View more

If they are all in the same index you can do this:      index=index | stats count by message_subject OR      index=index message_subject="[TNT-" OR message_subject="[CyberIntel Confidential]" OR message_subject="[CyFin" | stats count by message_subject   If they are in different indexes, you can do this:      index=index1 message_subject="[TNT-" OR index=index2 message_subject="[CyberIntel Confidential]" OR index=index3 message_subject="[CyFin" | stats count by message_subject ... View more

Lol, I'll do what I can!  Trying not to leave you holding a bag of bolts! ... View more

Im interested enough to spend some time on it tonight / tomorrow morning. This is a common issue and we need to nail it down. If you submit the issue on github i will share the "fame" with you  / give you "credit" for reporting the bug.  If things happen in my life (and they do often due to big family)... i might get distracted though.  So having the issue there serves as a reminder. Thanks, JKat54 ... View more

Yeah, its something to do with SPL filter mechanisms and nested dictionaries in json. Can you file a issue over on our github? https://github.com/bentleymi/TA-webtools/issues If you'll submit it with all the same details we will get to it as soon as we can. ... View more

Have you tried escaping the square brackets too?         \[{\"object_type\":\"entity\",\"_key\":\"<serviceid>\"}\]}" maybe all the brackets        \[\{\"object_type\":\"entity\",\"_key\":\"<serviceid>\"\}\]}" ... View more

You can now use the directory found here: https://www.youracclaim.com/organizations/splunk/directory?filter%5Buser_name%5D=Michael%20Bentley in the example above, you can see my certifications and verify them. ... View more