v4.1.2
- app.manifest now includes: "targetWorkloads": ["_search_heads"]
- outputlookup removed from configure_lookup.xml dashboard
- Removed all use of outputlookup command to meet Splunk Cloud requirements. Replaced with API requests.
- Bug fix on batch update: an incorrect increment could cause the limit to be hit when updating, causing loss of data in the KV Store.
- Better error handling: errors are shown in the UI if an edit or delete fails.
v4.1.0
- Improvements to the 'Configure Broken Hosts Lookup' page
- Bug fix: when results exceeded 1k entries, they hit the default 1k limit in limits.conf, which resulted in the KV Store being emptied out. The results are now batched to prevent this issue.
- Setup page added for app configuration.
The updates provided in 4.0.5 are:
- Python 3 support for Splunk 8.0.
- The app no longer has a setup.xml file to conform with Splunk Cloud's vetting process. setup.xml is allowed on cloud, all configuration is related to macros that come with this app. The following macros are available to configure:
  - default_contact
  - default_expected_time
  - ignore_after
  - linuxoslog_index
  - min_count
  - search_additions
  - wineventlog_index
v3.3.6
- Row reordering feature added to 'Configure Broken Hosts Lookup' page. Can drag rows using the 'Comments' column.
- 'Add New Suppression' button added to top right to make more visible.
- Ability to copy formatted row data to the clipboard.
- Added expectedTime_tmp for backup purposes.
- In edge cases where the KV Store is being updated after a row reorder on the Configure page and the user refreshes, KV Store data could be lost. For this reason, every change first backs up the current version to an expectedTime_tmp KV Store.
- On initial load of the table, it checks whether expectedTime is empty. If it is, it then checks expectedTime_tmp for data and uses that as a backup in case the KV Store was emptied. If both are empty, it is assumed that this is a new install and the user has an option to add default values to the KV Store.
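The backup-then-replace and load-time fallback described above, combined with the batched writes from the 4.1.x fixes, can be sketched as follows. This is an added example, not the app's own code: FakeKV, write_batched, replace_rows, load_rows and BATCH_LIMIT are hypothetical names, and the store is an in-memory stand-in built for the illustration.

```python
BATCH_LIMIT = 1000  # assumption: stands in for the default 1k limit the notes mention


class FakeKV:
    """Constructed in-memory stand-in for the two KV Store collections."""

    def __init__(self):
        self.data = {"expectedTime": [], "expectedTime_tmp": []}

    def batch_save(self, name, rows):
        # Like the real limit, an oversized batch is rejected outright.
        if len(rows) > BATCH_LIMIT:
            raise ValueError("batch of %d exceeds limit" % len(rows))
        self.data[name].extend(rows)

    def clear(self, name):
        self.data[name] = []


def write_batched(kv, name, rows, size=BATCH_LIMIT):
    """Write rows in slices of at most `size`, stepping the offset by `size`."""
    for start in range(0, len(rows), size):
        kv.batch_save(name, rows[start:start + size])


def replace_rows(kv, new_rows):
    """Back up the current table to expectedTime_tmp, then replace expectedTime."""
    current = list(kv.data["expectedTime"])
    if current:  # assumption: an empty table must not wipe a good backup
        kv.clear("expectedTime_tmp")
        write_batched(kv, "expectedTime_tmp", current)
    kv.clear("expectedTime")
    write_batched(kv, "expectedTime", new_rows)


def load_rows(kv):
    """Return (rows, source) using the fallback order from the release note."""
    if kv.data["expectedTime"]:
        return kv.data["expectedTime"], "expectedTime"
    if kv.data["expectedTime_tmp"]:
        return kv.data["expectedTime_tmp"], "expectedTime_tmp"
    return [], "new_install"
```

If the write to expectedTime is interrupted after the clear, load_rows still returns the previous table from expectedTime_tmp.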
v3.3.5
- updated the savedsearch to account for sourcetype rewrites
KNOWN ISSUE:
Since kvstore doesn't allow reordering, use this process if a line needs to be moved:
1) go to the broken hosts search and run:
| inputlookup expectedTime | outputlookup expectedTime.csv
(this will populate the CSV with contents of the kvstore)
2) go to the lookup editor app:
- open the expectedTime.csv
- reorder the rows as necessary
- remove _key column
3) go to the splunk search window and run:
| inputlookup expectedTime.csv | outputlookup expectedTime
IMPORTANT: Update Instructions:
- v3.3.3 and greater use a KV Store instead of a lookup file. Once the app is updated, you will need to populate the KV Store.
- This will only need to be done one time:
1. Run the following search which will dump all the results from the lookup into the KV Store:
| inputlookup expectedTime.csv | outputlookup expectedTime
2. Go to the new "Configure Broken Hosts Lookup" dashboard to check that data is populating on the dashboard.
v3.3.4
- Removed unnecessary inputs.conf
v3.3.2:
v3.3.1:
v3.3.0:
Modified the savedsearch to use 'tstats' instead of 'metadata' to allow use of sourcetype for tuning.
Updated the savedsearch schedule to run every 30 minutes (because tstats takes longer than metadata).
Updated the savedsearch suppression to suppress for 2 hours instead of 1.
Updated the savedsearch suppression to include sourcetype.
Updated expectedTime lookup table to add a 'sourcetype' column.
Updated first_time script to add 'sourcetype' column to lookup table.
Added Broken Hosts dashboard.
Updated documentation to include Broken Hosts dashboard information.
Added app nav color.
RELEASE NOTES:
v3.1:
- Added setup page with default contact and default allowable lateness
v3.0:
- Another major rewrite
- Added the ability to suppress an item
- Added the ability to send different items to different contacts
v2.2:
- fixed issue with the index exclusions in the search
- reversed the order of the release notes, putting new version at the top
v2.1:
- wildcard in lookup table instead of empty quoted string
- app is visible (to allow the "run" button on the saved search to work)
- initial lookup table is now named with .sample extension to not overwrite any previous tuning
v2.0: complete re-write of the app from scratch
- uses dbinspect and metadata commands to make this search much faster
- uses a lookup table to make tuning a breeze