What error message are you getting now? ... View more

Which steps did you take to try to fix?  Your reply is too vague for me to help. ... View more

https://github.com/bentleymi/ta-webtools/issues/17 was created by another member of the community.  Accepting this as the answer. ... View more

All adjustable limits can be found in limits.conf.  Note that some limits can exist in an app context. That is to say limits in the search app can be different from the limits in your app. Any edits to core python code will be destroyed on upgrades (most likely) and may also trigger "file integrity" warnings as well.     ... View more

Perfect, do you mind accepting my answer as the solution?   ... View more

I confused it with the previous upgrade readiness app 🙂 I'll check this out in the lab, but the app has been blessed by cloud and that wouldn't be possible if it wasn't py3 compat. ... View more

V3.0.2 is fully cloud compatible and couldn't be if it wasn't python3 supported. ... View more

Yes, the solution is to use SPL commands to extract the fields from the curl_response field.   if it's json response, try | spath if it's csv, try | kv try | rex field=curl_response "(?<extractedFieldName>REGEXHERE)" ... View more

The latest version forces verify=True on ALL connections and can't be overridden.  That's so we could obtain cloud compatibility. you can use an older version of the app if you're not in splunk cloud.  If you are in splunk cloud, and perhaps even if you're not... another fix (perhaps better idea) is to setup proper TLS/SSL on the host you're attempting to connect to. ... View more

You could do this using the urifield option and eval.  Here's an example below: Using the urifield option | makeresults count=1 | eval uri="https://localhost:8089/services" | curl method=get urifield=uri   no reason you can't do something like | makeresults count=3 | streamstats count  | eval uri="https://abc.com:8089/app".count."/report".count"     ... View more

Glad I could help, what was "RR" though? ... View more

I agree!  Nicely explained! ... View more

Except that it doesn't apply RBAC view of the indexes. Except that it doesn't work if you can't reach indexers on 8089 and don't have indexes configured on your SH. Except that it's not as fast as eventcount and probably shouldn't be used in dashboard drop downs. ... View more

Hear me out... if you run a query that generates more events than the limit, it will not matter how often or even when you run that query. so what you have to do, is change your query or increase the limit.   ... View more

Does the query pull all the data every 10 minutes?  Instead of getting data for last 10m? If you run it every 5 minutes will it help? Please note the size limitation is not from my app, it's the limit on the azure API.  You have to reduce the results your query returns or it will always have this error. you should appeal to azure support if can't figure out how to reduce the size of your query, and can't increase the limit on the API. There's literally nothing I can do on my end to fix this issue.   ... View more

I'm not super familiar with log analytics queries. can you limit the time frame of the query? in splunk you have earliest, latest, etc.  can you grab half the data with one query and the other half with another? ... View more

Correct, I keep mixing up the name of the app. Which version of ssl checker are you using?   I will test this week and let you know if I have the same issue or not. ... View more

Does the slave-apps cert exist on the search heads?  If not; that explains why the code can't find it. ... View more

Ok, in the example ssl.conf you shared, it was directories, not paths to pem files.   Can you share ssl.conf, the version of ssl checker you're using and the version of splunk you are using so that I may try to replicate on my end? ... View more