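Here is a search results function which works reliably for me. You can change the SecurityProtocolType to match the sslVersions value(s) configured in your search head's server.conf file (server.conf:[applicationsManagement]:sslVersions). Note that the certificate validation callback it sets accepts any server certificate, so the server's identity is not verified; use it only against a host you already trust.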
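function get-search-results {
    <#
    .SYNOPSIS
    Runs a Splunk search through the REST export endpoint and returns the response.

    .DESCRIPTION
    POSTs the search string to https://<server>:<port>/services/search/jobs/export
    with output_mode=json and returns whatever Invoke-RestMethod produces.
    Certificate validation is switched off for the duration of the call so that
    self-signed certificates are accepted, and TLS 1.2 is forced. Both settings
    are restored to their previous values before the function returns.

    .PARAMETER cred
    Credential object handed to Invoke-RestMethod -Credential.

    .PARAMETER server
    Host name or address of the search head.

    .PARAMETER port
    Management port of the search head.

    .PARAMETER search
    Search text without the leading "search" keyword; the function prepends it.
    #>
    param ($cred, $server, $port, $search)

    # ServicePointManager settings are process-wide statics. Remember what was
    # there so the relaxed settings do not leak into every later HTTPS request
    # made from this session.
    $previousCallback = [System.Net.ServicePointManager]::ServerCertificateValidationCallback
    $previousProtocol = [Net.ServicePointManager]::SecurityProtocol

    try {
        # SECURITY: accepting every certificate means the server is not
        # authenticated, and $cred is sent to whoever answers on this address.
        # Prefer importing the search head's certificate (or its CA) into the
        # trust store and removing this line.
        # NOTE(review): PowerShell 6+ web cmdlets reportedly ignore this callback
        # and use -SkipCertificateCheck instead; confirm on the version in use.
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

        # Other enum members: Ssl3, SystemDefault, Tls, Tls11. Keep Tls12 or newer.
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

        # Braces needed because the colon is otherwise parsed as a scope operator.
        $url = "https://${server}:${port}/services/search/jobs/export"

        # The cmdlet form-encodes the hashtable body, so no manual URL encoding.
        $the_search = "search $($search)"
        $body = @{
            search      = $the_search
            output_mode = "json"
        }

        $SearchResults = Invoke-RestMethod -Method Post -Uri $url -Credential $cred -Body $body -TimeoutSec 300
        return $SearchResults
    }
    finally {
        # Runs on success and on error: put the process-wide settings back.
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $previousCallback
        [Net.ServicePointManager]::SecurityProtocol = $previousProtocol
    }
}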
# Example call: count internal events by sourcetype over the last five minutes.
# $server, $port and $cred must already be set by the caller.
$searchArguments = @{
    cred   = $cred
    server = $server
    port   = $port
    search = "index=_internal earliest=-5m | stats count by sourcetype"
}
$searchResults = get-search-results @searchArguments