Disregard.  I had put the setting in the [default] stanza, moved it to the [email] stanza, now the warning has resolved. ... View more

I just upgraded to 9.3.1 and was also getting that warning.  I set a value for allowedDomainList in system/local/alert_actions.conf, restarted the daemon, but I still get the message. Just wanted to post in case other experience the same behavior. ... View more

I know this is ancient, but I had the same issue with blank results because of this: https://community.splunk.com/t5/Splunk-Search/What-would-intermittently-cause-less-events-to-return-the-raw/m-p/490525 ... View more

Anybody got opinions on the opposite situation? I've always upgraded splunk using a tarball and extracted over top the prior /opt/splunk installation: ~6 upgrades. Now I'd like to switch to RPM, for all the stated advantages.  Any issues I need to worry about by installing the RPM over a prior tarball install?   ... View more

Similar has happened to me for my last 2 upgrades (9.0.5 and 9.1.0.2).  In both cases after the upgrade, some conf files end up with root:root ownership.  Before the upgrade they were splunk:splunk. Offending files (plus 1 .pyc file and migration.log in var/log/splunk): etc/system/local/eventtypes.conf etc/system/local/web-features.conf etc/system/local/authorize.conf Primary concern are the conf files.  The upgrade is by .tgz file run as splunk:splunk.  The initial start is run by root cuz it needs root permissions to create the systemd boot-start file.  Is this just going to keep happening since I need to run "splunk enable boot-start . . . " as root? It's not a big deal to run chown to fix everything, but it is a manually step when is sometimes forgotten. ... View more

I'm curious about this answer because in my 6.5.2 version, when setting up a range value for a preset I'm offered a checkbox for create submenu. But the submenu does not work. So I'm wondering if it was removed or if it's just broken. ... View more