This was one of the reasons why we didn't update to version 9. A word of caution to others: if you're still using version 8 and don't want this "nice feature", then the last functional version is 8.2.7. After the latest update, several of my dashboards are now broken, and users have been complaining. ... View more

Nice workaround. Thanks! ... View more

I digged a little deeper. Here is a "run everywhere" demo dashboard. <dashboard version="1.1"> <label>Link Redirect</label> <row> <panel> <table> <search> <query> | makeresults | eval movie = "Breaking Bad", id = "0903747" | append [| makeresults | eval movie = "Better Call Saul", id = "3032476"] | table movie, id </query> </search> <drilldown> <condition field="movie"> <link target="_blank">http://www.imdb.com/title/tt$row.id$</link> </condition> </drilldown> </table> </panel> </row> </dashboard> Click on the 1. movie. Choose "Don't show this again" and Continue. Now we find the following entry in session storage (Chrome Developer Tools -> Application -> Session Storage): Key: http://www.imdb.com/title/tt0903747 Value: true Logout from Splunk and login in the same tab keeps the data. Closing the tab deletes the entry from the session storage. You get the same problem, if you open a new splunk tab. The entry is missing for this session. From Google Search: "Use the local Storage object if you want some data to be on the browser. If you want it on the server, then use cookies, and the session storage is used when you want to destroy the data whenever that specific tab gets closed" Practically user has to klick "Don't show this again" for every table row, in every browser and for every new tab / session. How can you explain this to the user? ... View more

There is a new blog article about the topic: https://www.splunk.com/en_us/blog/platform/improving-security-updates-to-classic-simplexml-dashboards-containing-external-links-or-content.html  But it is not really helpful 😞 And the Dashboards Trusted Domains list (Settings > Server settings > Dashboards Trusted Domains List) seems to be found only in the cloud version. What about the enterprise customers? ... View more

Apparently Splunk remembers this only for the one row clicked. I have tables with thousands of rows and redirect columns. So you would have to confirm for every single row. This makes no sense and is not usable. @splunk: Is there a way to disable this via a .conf file? ... View more

I have the same question as @youngsuh. I really hope you don't forget the on-prem customers. ... View more

I'm using Splunk On-Prem. All I know is that the On-Prem Dashboard Studio Version is always behind the version in the Cloud. ... View more

Hi apietersen, I'm not a big fan of Dashboard Studio myself. Everything is so "clunky" and all the differences between the Cloud and On-Prem Version are simply frustrating. We're trying to use the Splunk UI Toolkit , which gives you full freedom to implement Single Page Applications (SPA) using the React technology. But you need React Developers for that. Regarding Trackme App:  you definitele have to check it out. It's propably one of the best apps in the Splunk Store and very usefull.   ... View more

Hi apietersen, thanks for the update regarding version 8.2.6! Version 8.2.5. is a lot of fun 😞 This is what I get using TrackMe And here using Metricator for NMON Additionally some of my tables with custom JavaScript (SimpleXML BaseCellRenderer) aren't working anymore. Still looking for solution 😞 ... View more

BTW: I can reproduce the problem in version 8.2.4 All you have to do is to set version="1.1" <dashboard version="1.1"> As desrcibed here It seams to be related to the jQuery 3.5 update. ... View more

I also see the problem with Splunk's own dashboards. Here an example from the monitoring console: http://localhost:8000/en-US/app/splunk_monitoring_console/scheduler_activity_instance They are using: <option name="height">80px</option> The text under the the numbers is hidden: And here my test dashboard: <dashboard> <label>SPL-219946</label> <row> <panel> <single> <search> <query>| makeresults count=1 | eval id = random()</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="height">50</option> </single> </panel> </row> </dashboard> Splunk Version 8.2.5 ... View more

Same problem her. Tried everything: host=host host=$host$ host={host} ...     ... View more

This is what worked for me: download the Python for Scientific Computing app https://splunkbase.splunk.com/app/2882 and copy the following two files  /opt/splunk/etc/apps/Splunk_SA_Scientific_Python_linux_x86_64/bin/linux_x86_64/lib/python3.7/lib-dynload/mmap.cpython-37m-x86_64-linux-gnu.so /opt/splunk/etc/apps/Splunk_SA_Scientific_Python_linux_x86_64/bin/linux_x86_64/lib/python3.7/lib-dynload/cmath.cpython-37m-x86_64-linux-gnu.so   to /opt/splunk/lib/python3.7   Tested it with custom search commands. ... View more

interval = 60 ... View more

I have version 8.0.2 installed and get the same error on my Search Head: Unable to initialize modular input "splunk_ta_aws_sqs" defined in the app "Splunk_TA_aws": Introspecting scheme=splunk_ta_aws_sqs: script running failed (exited with code 1) For some reasons I don't get this error on my Heavy Forwarder (8.0.2 as well) ... View more

My Heavy Forwarders and Indexers are at version 8.0.2 and I still get the error. Why should we set the negotiateProtocolLevel to 0, if both servers (HF & Indexer) are already at the newest version? ... View more

On SUSE Linux Splunk 7.2.5 crashes too: [build 088f49762779] 2019-03-25 11:19:56 Received fatal signal 6 (Aborted). Cause: Signal sent by PID 4302 running under UID 0. Crashing thread: Main Thread Registers: RIP: [0x00007FA7BA97BF67] gsignal + 55 (libc.so.6 + 0x34F67) RDI: [0x00000000000010CE] RSI: [0x00000000000010CE] RBP: [0x00007FA7BACE76D8] RSP: [0x00007FFF638DDE18] RAX: [0x0000000000000000] RBX: [0x00007FA7BA11ACE0] RCX: [0x00007FA7BA97BF67] RDX: [0x0000000000000006] R8: [0x000000000000000A] R9: [0x00007FA7BBE387C0] R10: [0x0000000000000008] R11: [0x0000000000000202] R12: [0x00007FA7BA4C56A0] R13: [0x00007FA7BA11AC90] R14: [0x0000562779FDC920] R15: [0x0000000000000000] EFL: [0x0000000000000202] TRAPNO: [0x0000000000000000] ERR: [0x0000000000000000] CSGSFS: [0x0000000000000033] OLDMASK: [0x0000000000000000] OS: Linux Arch: x86-64 Backtrace (PIC build): [0x00007FA7BA97BF67] gsignal + 55 (libc.so.6 + 0x34F67) [0x00007FA7BA97D33A] abort + 314 (libc.so.6 + 0x3633A) [0x00005627796467AD] ZN9gnu_cxx27verbose_terminate_handlerEv + 349 (search-launcher + 0x25107AD) [0x00005627795CC1D6] _ZN10cxxabiv111_terminateEPFvvE + 6 (search-launcher + 0x24961D6) [0x00005627795CC221] ? (search-launcher + 0x2496221) [0x00005627795CC5E8] ? (search-launcher + 0x24965E8) [0x0000562777BA78B9] ? (search-launcher + 0xA718B9) [0x0000562778816BD8] _Z17ProcessRunnerInitRK8Pathname + 808 (search-launcher + 0x16E0BD8) [0x0000562778E933AA] ? (search-launcher + 0x1D5D3AA) [0x0000562778817253] _ZN32ProcessRunnerChildCommandHandler19handle_command_forkEPK18proto_fork_commandPKv + 803 (search-launcher + 0x16E1253) [0x00005627788175D4] _ZN32ProcessRunnerChildCommandHandler11consumeDataERK3Str + 356 (search-launcher + 0x16E15D4) [0x000056277879494B] _ZN21SocketCommandConsumer13when_readableE18PollableDescriptor + 219 (search-launcher + 0x165E94B) [0x0000562778795D25] _ZN12PolledSocket3Pfd11when_eventsE18PollableDescriptor + 85 (search-launcher + 0x165FD25) [0x0000562778796246] _ZN8PolledFd8do_eventEv + 134 (search-launcher + 0x1660246) [0x000056277879721B] _ZN9EventLoop3runEv + 651 (search-launcher + 0x166121B) [0x00005627788166AC] _ZN20ExternalProcessGroup20process_runner_childERK8PathnameR14PolledReadPipe + 1084 (search-launcher + 0x16E06AC) [0x0000562778816BC5] _Z17ProcessRunnerInitRK8Pathname + 789 (search-launcher + 0x16E0BC5) [0x00005627782FBBD8] _ZN16SplunkMainThreadC1ERK8Pathnameb + 1064 (search-launcher + 0x11C5BD8) [0x0000562777BBE7D1] main + 17937 (search-launcher + 0xA887D1) [0x00007FA7BA967725] __libc_start_main + 245 (libc.so.6 + 0x20725) [0x0000562777C909A2] ? (search-launcher + 0xB5A9A2) Linux / zbm-sl-muc-0099 / 4.4.155-94.50-default / #1 SMP Tue Sep 11 13:04:00 UTC 2018 (bc8c7c0) / x86_64 /etc/SuSE-release: SUSE Linux Enterprise Server 12 (x86_64) glibc version: 2.22 glibc release: stable Last errno: 11 Threads running: 1 Runtime: 176.912315s argv: [splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd] Process renamed: [splunkd pid=1567] splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd [process-runner] Process renamed: [splunkd pid=1567] [search-launcher] Regex JIT enabled using CLOCK_MONOTONIC Preforked process=0/20: process_runtime_msec=12, completed_searches=0, user_changes=0, cache_rotations=0 First 512 bytes of PolledFd object @0x7fff638dec90: 00000000 e0 8c fd 79 27 56 00 00 00 00 00 00 da dd 42 65 |...y'V........Be| 00000010 00 8f 08 7a 27 56 00 00 00 00 00 00 00 00 00 00 |...z'V..........| 00000020 80 ef 8d 63 ff 7f 00 00 00 00 00 00 00 00 00 00 |...c............| 00000030 00 00 00 00 00 00 f0 3f 08 00 00 00 03 00 00 00 |.......?........| 00000040 40 b5 0b ba a7 7f 00 00 1b 20 00 00 ff 7f 00 00 |@........ ......| 00000050 00 00 00 00 00 00 00 00 7f 03 8d 63 ff 7f 00 00 |...........c....| 00000060 80 ec 8d 63 ff 7f 00 00 08 ed 8d 63 ff 7f 00 00 |...c.......c....| 00000070 00 00 00 00 00 00 00 00 00 f2 8d 63 ff 7f 00 00 |...........c....| 00000080 01 00 00 00 00 00 00 00 70 ee 8d 63 ff 7f 00 00 |........p..c....| 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000000e0 01 00 00 00 00 00 00 00 00 a0 12 ba a7 7f 00 00 |................| 000000f0 65 00 00 00 00 00 00 00 30 0b 00 00 00 00 00 00 |e.......0.......| 00000100 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000110 00 00 00 00 00 00 00 00 70 8d 12 ba a7 7f 00 00 |........p.......| 00000120 d0 87 12 ba a7 7f 00 00 30 9a 12 ba a7 7f 00 00 |........0.......| 00000130 12 00 00 00 00 00 00 00 08 7e 02 bc a7 7f 00 00 |.........~......| 00000140 00 00 00 00 ff 7f 00 00 e0 8c 12 ba a7 7f 00 00 |................| 00000150 60 88 12 ba a7 7f 00 00 a0 99 12 ba a7 7f 00 00 |`...............| 00000160 12 00 00 00 00 00 00 00 00 ec 8d 63 ff 7f 00 00 |...........c....| 00000170 70 ee 8d 63 ff 7f 00 00 b0 07 16 ba a7 7f 00 00 |p..c............| 00000180 26 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 |&.......&.......| 00000190 00 00 00 00 00 00 00 00 10 5d 0a ba a7 7f 00 00 |.........]......| 000001a0 2a 00 00 00 00 00 00 00 2a 00 00 00 00 00 00 00 |..............| 000001b0 00 00 00 00 00 00 00 00 1f 06 00 00 54 07 00 00 |............T...| 000001c0 d0 e5 4e ba a7 7f 00 00 d0 e5 4e ba a7 7f 00 00 |..N.......N.....| 000001d0 e0 e5 4e ba a7 7f 00 00 00 00 00 00 00 00 00 00 |..N.............| 000001e0 fe 22 b8 39 c1 c8 57 3f c6 00 00 00 00 00 00 00 |.".9..W?........| 000001f0 af 71 59 03 00 00 00 00 01 70 72 6f 63 2f 73 65 |.qY......proc/se| 00000200 x86 CPUID registers: 0: 0000000D 756E6547 6C65746E 49656E69 1: 000406F0 0E010800 FFFA3203 0FABFBFF 2: 76036301 00F0B5FF 00000000 00C30000 3: 00000000 00000000 00000000 00000000 4: 00000000 00000000 00000000 00000000 5: 00000000 00000000 00000000 00000000 6: 00000004 00000000 00000000 00000000 7: 00000000 00000000 00000000 00000000 8: 00000000 00000000 00000000 00000000 9: 00000000 00000000 00000000 00000000 A: 07300401 0000007F 00000000 00000000 B: 00000000 00000000 00000070 0000000E C: 00000000 00000000 00000000 00000000 😧 00000000 00000000 00000000 00000000 80000000: 80000008 00000000 00000000 00000000 80000001: 00000000 00000000 00000121 2C100800 80000002: 65746E49 2952286C 6F655820 2952286E 80000003: 55504320 2D354520 30393632 20347620 80000004: 2E322040 48473036 0000007A 00000000 80000005: 00000000 00000000 00000000 00000000 80000006: 00000000 00000000 01006040 00000000 80000007: 00000000 00000000 00000000 00000100 80000008: 0000302B 00000000 00000000 00000000 terminating... ... View more

To accomplish this, I would have to "hack" the splunk-perfmon.exe 😉 ... View more

Good point. I'm currently using the multikv mode and the data volume is really small ... View more

@ddrillic: thanks for the answer, but I already know this document. I'm talking about the new Splunk 7 feature: metrics index. ... View more

All you need is the Machine Learning Toolkit and to use the Panda Correlation Matrix Algorithm: http://docs.splunk.com/Documentation/MLApp/2.2.0/API/CorrelationMatrix Simply copy&paste the code and than: index=_internal sourcetype=splunkd group=* | timechart usenull=f useother=f count by group | fields - _time | fit CorrelationMatrix * | table index,* Here is the description of the available methods: https://pandas.pydata.org/pandas-docs/stable/generated/pandas.DataFrame.corr.html ... View more

It works. Thank you very much! ... View more