We have updated the Splunk Enterprise version to 9 recently. Regarding post upgrade validation, I have already gone through this - post In addition to these validation steps, I need to ensure all the dashboards, search reports/alerts, lookup files are working as expected in each app. If this can be achieved via manual check of each dashboard/report, then it will be a long process. There are so many dashboards/reports available in each app. Could anyone please let me know if there is a way to ensure the working of all splunk objects post upgrade? ... View more

Currently I have set up an alert to be triggered from Splunk Enterprise and notified in a group channel of Slack. Just curious to know is it possible and is there a way to send the visualization images of a respect query results from Splunk to Slack channel as alert notification. If so it will be very easy and have more readability for the users instead of checking the dashboard or clicking on the results of the alert query. Could anyone please help me on this? ... View more

In Splunk, each user role would be allocated with threshold memory limit. Once we exceeds the limit (in the form of running many/large search queries), we probably end with the error "Waiting for queued job to start". Is there a way to check the memory usage of my user profile (and/or other specific user) in Splunk? I would like to check the usage details, as it helps me to optimise my search and obviously it helps me in avoiding the error. I tried to find from the logs of `_internal` index, but unable to find the exact information.  Could anyone please help on this. ... View more

I have ran a scheduled search in my Splunk. I have checked the status of the job under my Splunk Enterprise -> Activity -> Jobs. Here I could see the job has ran and the status is "Done". But when I search the log for the run history of same job under "_internal" index and the sourcetype "scheduler", I don't have any logs for the run of respective scheduled search job. I can see my job has completed with status as done under Activity but under scheduler logs, I don't have any proof that such a job has ran at a particular time. Is this denoting some issue over here? Or am I missing something here in the way of checking the logs. Could someone please help me on this as soon as possible. ... View more

I have created a dashboard, only with custom search app with Java scripts in Splunk version 8 with simple xml code. Here is the reference - post. I would like to display the fields sidebar, when my search results are popping up. Could anyone please let me know, the steps to achieve this. ... View more

I have created a custom search app/view using Java script. I would like to include the bar called "search results tabs" as similar to search app. I have attached the screenshot of  the same. Below is the options which I am expecting in my custom search app I have created my custom search app using the Java script from Splunk website - Here is the link Could anyone please help me how to include that option in my Java script ... View more

I have custom search with Java scripts in Splunk version 8 with simple xml code. I am unable to get the options called "Event Actions" under each event results of my query. When a search query is entered in normal Search app, the results of the query has a part called Event Actions which have the options like Build Event Type, Find Performing Timings, Extract Fields and Show source. I have attached a screenshot for that. These options I am not getting in the results in my custom search app. I need this feature as soon as possible. Could anyone please help me on this ... View more

I have created a dashboard, only with custom search app with Java scripts in Splunk version 8 with simple xml code. Here is the reference - post. I have two issues with my custom search app. 1. Issue with Smart mode: - When the search query is entered and search bar return the results, it provides the result in "Smart mode". - In this mode, the raw event log is not displayed, instead of that, the fields and the values in each raw event are displayed as table format even for a very simple query like   index=main source=abc sourcetype=xyz   - If I switch to Fast mode manually, then I get the raw events but it's not readable. To view a complete log event, I need to scroll to right till the end. - It will be good if the raw event is wrapped together to the screen size and easily readable (as like normal Search app). 2. Issue with the option "Event Actions" - In the search app, when we get results for a query, we can see a small dropdown attached to each event results. - The dropdown shows the options like Extract fields, show source, Event type, etc., - The dropdown also shows the field-value like host, source, sourcetype and index - These options are missing in my custom search app results. These two issues need fix as soon as possible, so that I can make my custom search app provide results similar to the inbuilt search app. Could anyone please help me on fixing this issue as soon as possible ... View more