In this version (v2.0), I used the Splunk summary index technique to improve the searching performance. Therefore, your method of renaming sourcetype=netflow_xxx will not work anymore, because the summary index will rename the sourcetype to 'stash'. What you might be able to do is use a 'host' field in your search to separate between each of your servers.
Can you check the content of $SPLUNK_HOME/etc/apps/Splunk_CiscoIPS/var/log and see if the scripted input is still working properly to pull data from your IPS?
Looking through the file: $SPLUNK_HOME/share/splunk/search_mrsparkle/modules/messaging/Message.js
I believe that there are five levels that you can use to filter messaging: debug, info, warn, error, and fatal. For example, if you want to show only error and above level messages, you can use it like this:
*
error
What version of the app are you using? There was a bug in the app v4.6 that caused this error. Please try to download and install the latest version of the app, and see if that will fix it.
There was a bug in the app v4.6 that caused the appflow collector to not be able to receive data. Please try to download the latest version of the app, and see if that will solve your problem.