Hi Team, We are looking for the help to understand the issue we are facing. we have multiple index in our splunk cloud env, but when ever there is the load test is happening in our QA env one of the index logs ingestion is going very high. and same time we are noticing the all other indexes log (Prod and all) ingestion facing latency issue. logs ingestion is almost zero for all other index whenever there is a loadtest. we were thinking this may be we have only one cloud HF, so have deploy new HF and move all the QA logs to new HF. but, still its not solved. and showing that during the load test QA logs capturing all the resources and creating the delay for other index. please advice,          ... View more

Hi Team, I am looking for the help to send Report.  I have a scheduled report which is running every hour. can you please advise with search query. if I create new alert and  if alert trigger, scheduled report should be sent to recipients. I am aware about the CSV/ PDF attached. looking for something like to send scheduled report as result for notification if alert triggered . ... View more

Hi Team, I am looking for the help for the Event logs report if threshold match. I tried both way with creating a report and alert. but it either send me logs using |table _time, _raw  method or sending count using |stats count | where count >0 I need to schedule last 24hrs data  report like, only if there is a event  at 00:00 AM. Please guide me  Thank you ... View more

Hi Team, Is it possible to disable ticket integration and Mail notifcation integration temporary for all alerts ? during maintenance window. I found the below path in my splunk account  Settings---> Alert Action--> serviceNow integartion --> Status(Enable/Disable) Will this help to diable temporary integration ? Please advise, Thank you   ... View more

Hi Team, Is there any way to add TimeToken with timewrap on the dashboard. I have a dashboard ready to display this week data to compare with last week data having timewrap with 7d. But, I would like to add token to replace the 7d value as per choice. Search query:    index=ABC sourcetype="xyz" data earliest= -14d@d latest= @s | timechart span=15m partial=false count by data | timewrap 7d series=short |table _time, s0, s1 | rename s0 as this_week, s1 as last_week,   ... View more

Hi Team, Is it possible to stop alert for particular time window. Suppose I have a alert already created and running and I want to stop it on a coming Saturday from 1 PM to 4PM. is it possible whiteout doing it manual or not by using cron scheduler ?  Please help. Thank you ... View more