3.0.9

@gjanders released this 11 Sep 04:52
· 32 commits to master since this release

In version 3.0.8 the lookup file splunkadmins_hec_reply_code_lookup.csv was updated based on gettingsmarter (GitHub repo). The updated lookup was created by @jgedeon and additionally includes some health endpoint return codes (as well as those returned by the standard HEC endpoint).

Updated alerts:

  • SplunkEnterpriseLevel - Splunkd Log Messages Admins Only - more criteria
  • SearchHeadLevel - Scheduled Searches That Cannot Run - correcting issue #20 (thanks @barrettnet)

Updated reports:

  • SearchHeadLevel - Search Queries summary exact match - added provenance
  • SearchHeadLevel - Search Queries summary non-exact match - added provenance
  • SearchHeadLevel - audit.log - lookup usage - updated to handle mlspl files as well (apply command)
  • SearchHeadLevel - Lookup file owners - now includes an additional join that can be used if TA-webtools is installed (to improve accuracy/exclude default lookup definitions/files)

New reports:

  • SearchHeadLevel - Detect lookups that have not being accessed for a period of time
  • SearchHeadLevel - Lookup Editor lookup updates
  • SearchHeadLevel - Lookups within dashboards
  • SearchHeadLevel - Lookups within savedsearches
  • SearchHeadLevel - REST API usage via audit.log