New macros:
indexes_extraction(1) - to extract indexes from search logs
Updated reports/alerts:
AllSplunkEnterpriseLevel - Splunkd Crash Logs Have Appeared in Production - updated based on email feedback to use sourcetype (as source matching needed wildcards)
IndexerLevel - Slow peer from remote searches - corrected comment in search only
SearchHeadLevel - Search Queries summary exact match
SearchHeadLevel - Search Queries summary non-exact match
SearchHeadLevel - SmartStore cache misses - dashboards
SearchHeadLevel - SmartStore cache misses - savedsearches
SearchHeadLevel - SmartStore cache misses - combined
SearchHeadLevel - Datamodel REST endpoint indexes in use
SearchHeadLevel - indexes per savedsearch
SearchHeadLevel - Indexes for savedsearch without subsearches
SearchHeadLevel - indexes per dashboard
Updated reports/alerts:
AllSplunkEnterpriseLevel - Splunk Scheduler excessive delays in executing search
AllSplunkEnterpriseLevel - sendmodalert errors
SearchHeadLevel - Alerts that have not fired an action in X days
SearchHeadLevel - Scheduled Search Efficiency
To extract savedsearch_name (as I found you can have savedsearches with double quotes in the title).