This resolved my issue.  ... View more

This will update those lookups which are used for MC’s different views. It is always needed after you have done those changes on your infrastructure. ... View more

Thanks Ryan, Just an FYI and this is more for our customers. Please post issues for SecKit Windows Add On for ES Asset and Identities here: https://bitbucket.org/SPLServices/seckit_sa_idm_windows/issues?status=new&status=open Also if the issue is SecKit Common Add On for ES Asset and Identities use this Bitbucket link: https://bitbucket.org/SPLServices/seckit_sa_idm_common/issues?status=new&status=open You need to create a login on Bitbucket in order to post new issues but it is not required to see current issues. ... View more

Excellent. If you see weird behavior like that, drop me a line sooner rather than later. I don't mind the false positives cause it's usually one of like 3 things that can be answered by docs links. ... View more

Technically with Sideview Multiplex module you can now basically make an HTML module to hold the $foo$ tokens for the href and value of your link, and then "multiplex" that HTML module... See Multiplexer docs for more info. Coming shortly in Sideview Utils 2.5 is a "urlEncodeKeys" param on the HTML module that will makes this even easier. (prior to 2.5 users had to use a ValueSetter to url encode the relevant key(s)) ... View more

It appears this is not limited to just rangemap and gauge. It seems to be a problem with all *.py scripts on my system. My symptom was that "admin" could run all the *.py scripts located in $SPLUNK_HOME/etc/apps/search/bin, including rangemap and gauge. But regular users in any role I created could not run the scripts, even though they were set up with "read" permission and the scripts were "global". A work-around that I used was: Step 1. Copy rangemap.py ( likewise with gauge.py and any other *.py script you need ) from the $SPLUNK_HOME/etc/apps/search/bin directory to the $SPLUNK_HOME/etc/system/bin directory. Step 2. Add the following stanza to $SPLUNK_HOME/etc/system/local/commands.conf: [rangemap] filename = rangemap.py supports_getinfo = true supports_rawargs = true Step 3. Add the following stanza to $SPLUNK_HOME/etc/system/local/authorize.conf: [capability::run_script_rangemap] Step 4. Add the following to your custom role stanza. This is the stanza you created when you setup a new role in Splink Manager > Access Controls > Roles : [your_role] run_script_rangemap = enabled Step 5. restart splunk. This worked for me although I would not consider it a permanent fix because I would have to copy the *.py scripts again if Splunk updates them. ... View more