Question on how to use the check_alerting_schedule for multiple schedule conditions. I've setup 1. schedules.csv for different pools of servers that undergo maintenance (App1_Maintenance, App2_Maintenance, App1_Server_Maintenance, App2_Server_Maintenance) 2. schedule_hours.csv for 24/7 working of these applications 3. schedule_maintenance_windows.csv for App1_Maintenance between 09:00AM to 12:00PM. App1_Server_Maintenance between 12:00PM and 04:00PM. The following day, I have a DataCenter_Maintenance between 04:00AM and 06:00AM Now, I can setup all application alerts with a check_alerting_schedule(App1_Maintenance) and all server alerts with a check_alerting_schedule(App1_Server_Maintenance). But, logically, when my DataCenter or App1's server is under maintenance, the alert schedule should be checked against all App1_Maintenance, App1_Server_Maintenance and DataCenter_Maintenance schedules to silence the false alerts. Is there a way that I can use multiple schedules to silence or enable alerts? ... View more

I'm using a search server 6.5.1 which is resulting in a 400 Bad request response on the POST request to http:///en-US/splunkd/__raw/servicesNS///search/parser. Strangely this is not happening on two other search heads that I have in the cluster. As a response in the browser response {messages: [{type: "FATAL", text: "Invalid query."}]} This is disabling user searches from the search server. I tried a couple of restarts to the search server but it didn't work. ... View more