gjanders
diff --git a/‎README.md‎
Lines changed: 35 additions & 0 deletions b/‎README.md‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎default/app.conf‎
Lines changed: 1 addition & 1 deletion b/‎default/app.conf‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎default/data/ui/nav/default.xml‎
Lines changed: 6 additions & 4 deletions b/‎default/data/ui/nav/default.xml‎
Lines changed: 6 additions & 4 deletions
@@ -359,6 +359,41 @@ These are appear to be from premium apps but it does imply that there is a mecha
 Feel free to open an issue on github or use the contact author on the SplunkBase link and I will try to get back to you when possible, thanks!
 
 ## Release Notes
+### 4.0.1
+New dashboard:
+-`heavy_forwarder_analysis` - as found in the conf24 presentation PLA1509B
+
+ New reports:
+- `SearchHeadLevel - Job performance data per indexer handoff time`
+- `SearchHeadLevel - KVStore collection size`
+- `SearchHeadLevel - Savedsearches with schedules and no next_scheduled_time`
+
+Updated alerts:
+- `AllSplunkEnterpriseLevel - Splunkd Log Messages Admins Only` - search updates
+- `AllSplunkEnterpriseLevel - Email Sending Failures` - added app context
+- `IndexerLevel - These Indexes Are Approaching The warmDBCount limit` - added datatype=all argument
+- `IndexerLevel - Cold data location approaching size limits` - added datatype=all argument
+- `IndexerLevel - Unclean Shutdown - Fsck` - added datatype=all argument
+- `SearchHeadLevel - Peer timeouts or authentication issues` - updates to use Splunkd source
+- `SearchHeadLevel - Splunk alert actions exceeding the max_action_results limit` - excluded summary indexing
+- `SearchHeadLevel - Scheduled Searches without a configured earliest and latest time` - rewrote search for efficiency
+- `SearchHeadLevel - Search Messages user level` - search updates
+- `SearchHeadLevel - Search Messages admins only` - search updates
+
+Updated dashboards:
+- `splunk_forwarder_output_tuning` - updated comments, removed heartbeatFrequency
+
+Updated macros:
+- `search_type_from_sid` - minor tweaks to regex
+
+Updated reports:
+- `SearchHeadLevel - indexes per savedsearch` - corrected typo on multisearch, re-wrote parts of the query to include subsearches as well
+- `SearchHeadLevel - Indexes for savedsearch without subsearches` - corrected typo on multisearch
+- `SearchHeadLevel - Search Queries summary non-exact match` - added delim for index IN (a b c), corrected typo on multisearch, updated description to link to https://github.com/TheWoodRanger/presentation-conf_24_audittrail_native_telemetry
+- `SearchHeadLevel - Search Queries summary exact match` - added delim for index IN (a b c), corrected typo on multisearch, updated description to link to https://github.com/TheWoodRanger/presentation-conf_24_audittrail_native_telemetry
+
+Also updated the navigation menu.
+
 ### 4.0.0
 - Merged pull request from sifters relating to replacing comment macro with the triple backtick option introduced in Splunk 8.1. This involved editing many searches to change the format of the comments.
 
 
@@ -14,7 +14,7 @@ supported_themes = light,dark
 [launcher]
 author = Gareth Anderson
 description = Alerts and dashboards as described in the Splunk 2017 conf presentation How did you get so big?
-version = 4.0.0
+version = 4.0.1
 
 [package]
 id = SplunkAdmins
 
@@ -286,9 +286,6 @@
 		    <saved name="IndexerLevel - RemoteSearches Indexes Stats Wilcard" />
 		    <saved name="IndexerLevel - RemoteSearches - lookup usage" />
                 </collection>
-		<collection label="External">
-			<a href="https://github.com/silkyrich/cluster_health_tools/">The cluster_health_tools git repository contains very useful dashboards for various indexer related performance stats</a>
-		</collection>
 	</collection>
 	<collection label="LicenseMaster">  
 		<a href="/app/SplunkAdmins/alert?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FLicenseMaster%20-%20Duplicated%20License%20Situation">Duplicated License Situation</a>
@@ -319,6 +316,7 @@
 			<saved name="SearchHeadLevel - Lookups within a dashboard" />
 			<saved name="SearchHeadLevel - Lookups within savedsearches" />
 			<saved name="SearchHeadLevel - Job performance data per indexer" />
+			<saved name="SearchHeadLevel - Job performance data per indexer handoff time" />
 			<saved name="SearchHeadLevel - Jobs endpoint example" />
 			<saved name="SearchHeadLevel - configtracker index example" />
 			<saved name="SearchHeadLevel - configtracker index example2" />
@@ -390,6 +388,7 @@
 				<a href="/app/SplunkAdmins/alert?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FSearchHeadLevel%20-%20Splunk%20alert%20actions%20exceeding%20the%20max_action_results%20limit">Splunk alert actions exceeding the max_action_results limit</a>
 				<a href="/app/SplunkAdmins/alert?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FSearchHeadLevel%20-%20Splunk%20Scheduler%20logs%20have%20not%20appeared%20in%20the%20last">Splunk Scheduler logs have not appeared in the last</a>
 				<a href="/app/SplunkAdmins/alert?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FSearchHeadLevel%20-%20summary%20indexing%20searches%20not%20using%20durable%20search">SearchHeadLevel - summary indexing searches not using durable search</a>
+				<saved name="SearchHeadLevel - Savedsearches with schedules and no next_scheduled_time" />
 	  		</collection>									
 			<collection label="Other">
 				<saved name="SearchHeadLevel - Knowledge bundle replication times metrics.log" />							
@@ -459,6 +458,7 @@
                         <saved name="SearchHeadLevel - SHC conf log summary" />
 			<saved name="SearchHeadLevel - Searches dispatched as owner by other users" />
 			<saved name="SearchHeadLevel - Lookup CSV size" />
+			<saved name="SearchHeadLevel - KVStore collection size" />
 			<saved name="SearchHeadLevel - audit logs showing all time searches" />
 			<saved name="SearchHeadLevel - audit.log - lookup usage" />
 			<saved name="SearchHeadLevel - Detect lookups that have not being accessed for a period of time" />
@@ -535,12 +535,14 @@
 			<saved name="SearchHeadLevel - Lookup file owners" />
 		</collection>	
 		<collection label="Recommended (externally hosted)">
+			<a href="https://github.com/silkyrich/cluster_health_tools/">The cluster_health_tools git repository contains very useful dashboards for various indexer related performance stats</a>
 			<a href="https://github.com/dpaper-splunk/public/tree/master/dashboards" target="_blank">Extended Search Reporting (and others)</a>
 			<a href="https://github.com/nicovdw/splunk_concurrency_helper" target="_blank">Search Scheduler Tuning searches</a>
 			<a href="https://splunkbase.splunk.com/app/6449/" target="_blank">Sideview UI (User Activity details)</a>
 			<a href="https://splunkbase.splunk.com/app/6368/" target="_blank">Admins Little Helper for Splunk (btool, bundle utils and similar)</a>
-			<a href="https://splunkbase.splunk.com/app/4621/" target="_blank">TrackMe (Data Ingestion)</a>
+			<a href="https://splunkbase.splunk.com/app/4621/" target="_blank">TrackMe (Data Ingestion)</a>			
                         <a href="https://github.com/redvelociraptor/gettingsmarter/tree/main">Getting Smarter about Splunk SmartStore (including HEC dashboards)</a>
+			<a href="https://github.com/TheWoodRanger/presentation-conf_24_audittrail_native_telemetry">Maximizing Splunk Core: Analyzing Splunk Searches Using Audittrail and Native Splunk Telemetry</a>
 		</collection>
 	</collection>	
         <collection label="Summary_Reports">