New alerts:

- `AllSplunkEnterpriseLevel - Splunk servers with resource starvation v2`

New reports:
- `SearchHeadLevel - indexes per dashboard`

Updated reports/alerts:
- `AllSplunkEnterpriseLevel - Splunk Servers with resource starvation` - reference to new version
- `AllSplunkEnterpriseLevel - Splunkd Log Messages Admins Only` - additional criteria
- `IndexerLevel - Slow peer from remote searches` - updated regex for Splunk 9.4 and above
- `IndexerLevel - RemoteSearches Indexes Stats Wilcard` - updated regex for Splunk 9.4 and above
- `IndexerLevel - RemoteSearches Indexes Stats` - updated regex for Splunk 9.4 and above
- `SearchHeadLevel - Excessive REST API usage` - added semantic jobs endpoints
- `SearchHeadLevel - platform_stats.remote_searches metrics populating search`
- `SearchHeadLevel - platform_stats access summary` - added semantic jobs endpoints
- `SearchHeadLevel - SHC Captain unable to establish common bundle` - additional criteria
- `SearchHeadLevel - Search Messages admins only` - additional criteria

Author: gjanders

README.md

@@ -359,6 +359,25 @@ These are appear to be from premium apps but it does imply that there is a mecha
 Feel free to open an issue on github or use the contact author on the SplunkBase link and I will try to get back to you when possible, thanks!
 
 ## Release Notes
+### 4.0.5
+New alerts:
+- `AllSplunkEnterpriseLevel - Splunk servers with resource starvation v2`
+
+New reports:
+- `SearchHeadLevel - indexes per dashboard`
+
+Updated reports/alerts:
+- `AllSplunkEnterpriseLevel - Splunk Servers with resource starvation` - reference to new version
+- `AllSplunkEnterpriseLevel - Splunkd Log Messages Admins Only` - additional criteria
+- `IndexerLevel - Slow peer from remote searches` - updated regex for Splunk 9.4 and above
+- `IndexerLevel - RemoteSearches Indexes Stats Wilcard` - updated regex for Splunk 9.4 and above
+- `IndexerLevel - RemoteSearches Indexes Stats` - updated regex for Splunk 9.4 and above
+- `SearchHeadLevel - Excessive REST API usage` - added semantic jobs endpoints
+- `SearchHeadLevel - platform_stats.remote_searches metrics populating search`
+- `SearchHeadLevel - platform_stats access summary` - added semantic jobs endpoints
+- `SearchHeadLevel - SHC Captain unable to establish common bundle` - additional criteria
+- `SearchHeadLevel - Search Messages admins only` - additional criteria
+
 ### 4.0.4
 New reports:
 - `SearchHeadLevel - access logs kvstore usage`

default/app.conf

@@ -14,7 +14,7 @@ supported_themes = light,dark
 [launcher]
 author = Gareth Anderson
 description = Alerts and dashboards as described in the Splunk 2017 conf presentation How did you get so big?
-version = 4.0.4
+version = 4.0.5
 
 [package]
 id = SplunkAdmins

default/data/ui/nav/default.xml

@@ -21,7 +21,8 @@
 			</collection>   
 			<collection label="Performance">		
 				<a href="/app/SplunkAdmins/alert?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FAllSplunkEnterpriseLevel%20-%20Splunk%20Servers%20with%20resource%20starvation">Splunk Servers with resource starvation</a>
-				<a href="/app/SplunkAdmins/alert?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FAllSplunkLevel%20-%20Time%20skew%20on%20Splunk%20Servers">Time skew on Splunk Servers</a>				
+                                <a href="/app/SplunkAdmins/alert?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FAllSplunkEnterpriseLevel%20-%20Splunk%20servers%20with%20resource%20starvation%20v2">Splunk servers with resource starvation v2</a>
+				<a href="/app/SplunkAdmins/alert?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FAllSplunkLevel%20-%20Time%20skew%20on%20Splunk%20Servers">Time skew on Splunk Servers</a>
 			</collection>   
 		</collection>   
 		<collection label="Splunk Config Issues">
@@ -300,6 +301,7 @@
 			<saved name="SearchHeadLevel - Lookup Editor lookup updates" />
 			<saved name="SearchHeadLevel - Datamodel access summary" />
 			<saved name="SearchHeadLevel - indexes per savedsearch" />
+                        <saved name="SearchHeadLevel - indexes per dashboard" />
 			<saved name="SearchHeadLevel - macros in use" />
 			<saved name="SearchHeadLevel - Search Queries Per Day Audit Logs" />
                         <saved name="SearchHeadLevel - Search Queries By Type Audit Logs" />         
@@ -461,6 +463,7 @@
 			<saved name="SearchHeadLevel - Lookup updates within SHC" />
 			<saved name="SearchHeadLevel - Lookup definitions with no lookup file or kvstore collection" />
 			<saved name="SearchHeadLevel - indexes per savedsearch" />
+                        <saved name="SearchHeadLevel - indexes per dashboard" />
 			<saved name="SearchHeadLevel - macros in use" />
                         <saved name="SearchHeadLevel - SHC conf log summary" />
 			<saved name="SearchHeadLevel - Searches dispatched as owner by other users" />
@@ -505,6 +508,7 @@
 			<saved name="SearchHeadLevel - access logs kvstore usage" />
 			<saved name="SearchHeadLevel - license usage per sourcetype per index" />
 			<saved name="SearchHeadLevel - indexes per savedsearch" />
+                        <saved name="SearchHeadLevel - indexes per dashboard" />
 			<saved name="SearchHeadLevel - macros in use" />
         		<saved name="SearchHeadLevel - platform_stats.audit metrics searches" />
 	                <saved name="SearchHeadLevel - platform_stats.audit metrics users" />
@@ -552,8 +556,9 @@
 			<a href="https://splunkbase.splunk.com/app/6449/" target="_blank">Sideview UI (User Activity details)</a>
 			<a href="https://splunkbase.splunk.com/app/6368/" target="_blank">Admins Little Helper for Splunk (btool, bundle utils and similar)</a>
 			<a href="https://splunkbase.splunk.com/app/4621/" target="_blank">TrackMe (Data Ingestion)</a>			
-                        <a href="https://github.com/redvelociraptor/gettingsmarter/tree/main">Getting Smarter about Splunk SmartStore (including HEC dashboards)</a>
-			<a href="https://github.com/TheWoodRanger/presentation-conf_24_audittrail_native_telemetry">Maximizing Splunk Core: Analyzing Splunk Searches Using Audittrail and Native Splunk Telemetry</a>
+            <a href="https://github.com/redvelociraptor/gettingsmarter/tree/main">Getting Smarter about Splunk SmartStore (including HEC dashboards)</a>
+			<a href="https://github.com/TheWoodRanger/presentation-conf_24_audittrail_native_telemetry">Maximizing Splunk Core: Analyzing Sphttps://github.com/guilhemmarchand/splunk-various/tree/mainlunk Searches Using Audittrail and Native Splunk Telemetry</a>
+			<a href="https://github.com/guilhemmarchand/splunk-various/tree/main">Various dashboards, for example splunk_enterprise_perf_insights.xml / splunk_cloud_perf_insights.xml</a>
 		</collection>
 	</collection>	
         <collection label="Summary_Reports">
@@ -562,6 +567,7 @@
 		<saved name="SearchHeadLevel - Lookup Watcher Recent Modification Summary" />
 		<saved name="SearchHeadLevel - license usage per sourcetype per index" />
 		<saved name="SearchHeadLevel - indexes per savedsearch" />
+                <saved name="SearchHeadLevel - indexes per dashboard" />
 		<saved name="SearchHeadLevel - access logs kvstore usage" />
 		<saved name="SearchHeadLevel - macros in use" />
 		<saved name="SearchHeadLevel - platform_stats.audit metrics searches" />