So now that I've been trying different ways to solve this and no matter what I try I still get "Unknown endpoint" I'm starting to wonder if there is an /acl endpoint for tags. So, is it possible to change the permissions (ACLs) for a tag through the REST API? ... View more

Another data point for this. I can reproduce this behavior (unknown endpoint) in python as well as powershell. ... View more

The URI would be something like this: https://{searchhead}:8089/services/search/tags/{tag_name}/acl ... View more

The problem that still remains is what is the default installation directory? The VMware Tools can be installed in any of the following ways: Installed from a script. Installed as a package. Built from source (with the open source tools). All of these leave things installed in different places. ... View more

CPU ready time was just about the hardest thing for me to get my head around when I started working with vSphere and I'm still not always sure that I get it completely. The hardest part in understanding ready time is remembering that it is a summation of the ready times for all the vCPUs the VM has. However, when VMware talks about when you should worry they talk about ready times on a per vCPU basis. This means that you have to factor in how many vCPUs a machine has. VMware says that 1000ms/vCPU should be the warning point and 2000ms/vCPU should be the critical point. Since CPU ready times are collected over a 20 second period (20000ms) these work out to 5% and 10% respectively. The search below is what I use to look at CPU ready times. For any given VM it will look up the VM in the inventory that Splunk generates so that it can divide the SumRdy_ms by the number of CPUs (numCpu). From that I can then get the max values and the average values for my normalized Sum Ready Time. index=vmware source="VirtualMachinePerf" SumRdy_ms="*" perftype="cpu" moname="vmname" | lookup TimeHierarchyVMSummary moname | eval SumRdyPerCpu_ms=(SumRdy_ms / numCpu) | timechart max(SumRdy_ms) AS "Sum Ready Time" max(SumRdyPerCpu_ms) AS "Max Normalized Ready Time" avg(SumRdyPerCpu_ms) AS "Average Normalized Ready Time" ... View more

So now my question is, was this package left off of the FA intentionally? If so why? Can it be included in future releases of the FA? ... View more

$hostname$ is getting passed from a drop down selection earlier in the form. If I remove the lookup and eval lines from the search it works just fine. <input type="dropdown" token="hostname" searchWhenChanged="true"> <label>Host:</label> <populatingSearch fieldForValue="moname" fieldForLabel="moname"> | inputlookup TimeHierarchyVMSummary | search type=VirtualMachine Cluster=CloudCluster | dedup moname | sort + moname </populatingSearch> </input> ... View more

The trouble here is with VMware and not Splunk. VMware stores the ready time as a summation across all vCPUs in each VM. ... View more

Has anyone else seen this behavior? I'm having the same problem. Single search running every five minutes. I get double the number of entries in the summary_index. ... View more

This is great! Given how much data this app is likely to collect I would suggest a tuning document forthwith. ... View more

Actually I'm going to take the blame on this one. I was using Chrome instead of Firefox. Once I switched browsers it worked just fine. So color me knucklehead. ... View more

The Windows Admins are preventing me. They don't like installing "agents" on their domain controllers. ... View more