3.0.13

New reports:

• IndexerLevel - events per second benchmark
• IndexerLevel - savedsearches by indexer execution time
• SearchHeadLevel - indexes per savedsearch
• SearchHeadLevel - macros in use
• SearchHeadLevel - Indexes for savedsearch without subsearches
• SearchHeadLevel - platform_stats.remote_searches metrics populating search 24 hour

Updated alerts:

• AllSplunkEnterpriseLevel - Splunkd Log Messages Admins Only - updated criteria
• IndexerLevel - RemoteSearches find datamodel acceleration with wildcards - updated regex
• MonitoringConsole - one or more servers require configuration - changed criteria
• MonitoringConsole - one or more servers require configuration automated - rewrote the alert
• SearchHeadLevel - Indexer Peer Connection Failures - updated comments
• SearchHeadLevel - Detect searches hitting corrupt buckets - updated comments
• SearchHeadLevel - Users with auto-finalized searches - updated comments
• SearchHeadLevel - splunk_search_messages dispatch - updated comments
• SearchHeadLevel - Lookups within savedsearches - corrected URL
• SearchHeadLevel - Sourcetypes usage from search telemetry data - description update
• SearchHeadLevel - Jobs endpoint example - updated description
• SearchHeadLevel - SmartStore cache misses - dashboards - minor update to regex
• SearchHeadLevel - SmartStore cache misses - combined - minor update to regex
• SearchHeadLevel - Search Messages field extractor slow - updated comments
• SearchHeadLevel - Search Messages user level - updated comments
• SearchHeadLevel - Search Messages admins only - updated criteria and comments

Updated reports:

• IndexerLevel - RemoteSearches - lookup usage - typo fixed in description
• IndexerLevel - Report on bucket corruption - updated comments
• SearchHeadLevel - summary indexing searches not using durable search - corrected REST context
• SearchHeadLevel - Lookups within savedsearches - corrected REST context
• SearchHeadLevel - platform_stats.audit metrics users - added v2/v1 endpoints for search/jobs/export
• SearchHeadLevel - platform_stats.audit metrics api - added v2/v1 endpoints for search/jobs/export
• SearchHeadLevel - platform_stats.audit metrics users 24hour - added v2/v1 endpoints for search/jobs/export

Updated to use macro splunkadmins_clustermaster_host instead of splunk_server=local:

• ClusterMasterLevel - Primary bucket count per peer
• ClusterMasterLevel - excess buckets on master
• IndexerLevel - ClusterMaster Advising SearchOrRep Factor Not Met

Updated to use macro splunkadmins_restmacro instead of splunk_server=local:

• IndexerLevel - Indexer replication queue issues to some peers
• SearchHeadLevel - Alerts that have not fired an action in X days
• SearchHeadLevel - Accelerated DataModels Access Info
• SearchHeadLevel - Accelerated DataModels with wildcard or no index specified
• SearchHeadLevel - authorize.conf settings will prevent some users from appearing in the UI
• SearchHeadLevel - Data Model Acceleration Completion Status
• SearchHeadLevel - DataModel Fields
• SearchHeadLevel - Dashboard refresh intervals
• SearchHeadLevel - Dashboards using depends and running searches in the background
• SearchHeadLevel - Dashboards using special characters
• SearchHeadLevel - Dashboards with all time searches set
• SearchHeadLevel - Dashboards that may benefit from base or post-process searches
• SearchHeadLevel - DataModels report
• SearchHeadLevel - Disabled modular inputs are running
• SearchHeadLevel - Detect changes to knowledge objects non-directory
• SearchHeadLevel - EventTypes report
• SearchHeadLevel - Index access list by user
• SearchHeadLevel - IndexesPerUser Report
• SearchHeadLevel - Knowledge bundle status on indexers
• SearchHeadLevel - Lookup file owners
• SearchHeadLevel - Lookup CSV size
• SearchHeadLevel - Macro report
• SearchHeadLevel - platform_stats.users savedsearches
• SearchHeadLevel - platform_stats.users dashboards
• SearchHeadLevel - Saved Searches with privileged owners and excessive write perms
• SearchHeadLevel - Summary searches using realtime search scheduling
• SearchHeadLevel - SavedSearches using special characters
• SearchHeadLevel - Splunk alert actions exceeding the max_action_results limit
• SearchHeadLevel - summary indexing searches not using durable search
• SearchHeadLevel - Tags report

Other macro updates:

• DeploymentServer - Count by application