murchisd / splunk_pstree_app

Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)

Wrong prerequisites? #9

Closed ugle1 closed 1 year ago

ugle1 commented 1 year ago

Hi,

I installed the app on a standard Splunk Enterprise v8.x search head cluster via deployer without adding Splunk Python SDK - Seems to be working alright. Is it really a prereq having Splunk Python SDK? Will it not behave as expected?

Also want to mention that I also experienced issue https://github.com/murchisd/splunk_pstree_app/issues/5 while testing search. I did:

index=myindex source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1 | fields * | pstree child=Image parent=ParentImage | table tree

with the time picker set to today.
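For readers following the thread, here is a small stand-alone Python reconstruction of what a `pstree child=Image parent=ParentImage` search does with EventCode 1 data. This is an added illustration, not the app's own code; the event list is constructed sample data, and the field names and the handling of duplicate edges and cycles are assumptions.

```python
from collections import defaultdict

# Constructed sample of Sysmon EventCode 1 fields (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe", "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"Image": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    # Repeated launches yield the same parent->child edge more than once.
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]


def build_edges(events, child="Image", parent="ParentImage"):
    """Collect unique parent->child edges; skip events missing either field."""
    children = defaultdict(list)
    for ev in events:
        c, p = ev.get(child), ev.get(parent)
        if not c or not p or c == p:
            continue
        if c not in children[p]:
            children[p].append(c)
    return children


def find_roots(children):
    """Roots are parents that never appear as a child. If every node is part
    of a cycle there is no root, so fall back to every parent (assumption)."""
    all_children = {c for kids in children.values() for c in kids}
    roots = sorted(p for p in children if p not in all_children)
    return roots or sorted(children)


def render_tree(children, node, depth=0, path=()):
    """Depth-first rendering with four-space indentation per level.
    `path` holds the ancestors of the current branch so a cycle is cut once
    it recurs, while the same Image may still appear in different branches."""
    if node in path:
        return ["    " * depth + node + " (cycle)"]
    lines = ["    " * depth + node]
    for kid in sorted(children.get(node, [])):
        lines.extend(render_tree(children, kid, depth + 1, path + (node,)))
    return lines


def pstree(events, child="Image", parent="ParentImage"):
    """Return the reconstructed process tree as one indented string."""
    children = build_edges(events, child, parent)
    out = []
    for root in find_roots(children):
        out.extend(render_tree(children, root))
    return "\n".join(out)
```

Running `pstree(SAMPLE_EVENTS)` gives one tree rooted at userinit.exe with the Office-spawned cmd/powershell chain indented beneath WINWORD.EXE, which is the shape analysts inspect in the `tree` field.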

ugle1 commented 1 year ago

Thanks a lot.

murchisd commented 1 year ago

Sure thing, thanks for pointing it out. Also, for issue #5, if you have an on-prem deployment, you can download version 2.0.0 from Splunkbase and should no longer experience the error. The app is still pending review for Splunk Cloud.

ugle1 commented 1 year ago

I found version 2.0.0 in the "version history" page on Splunkbase. It states that it only supports Splunk Enterprise v8.2 and 9.x. Any reasons why it doesn't work in Splunk 8.1.x?

ugle1 commented 1 year ago

I tested it in our DEV environment, version 8.1.12 (without the Dashboard Studio Beta app), and there seem to be no issues. The difference between the files of version 1.0.2 and 2.0.0 seems to be primarily the Python code.

murchisd commented 1 year ago

The app should work back to even 7.X versions. I had left off 8.1 just because I had not tested on that version yet, but no libraries changed, so there should be no problem. I updated Splunkbase, and now that 2.0 has been vetted by Splunk I set it as the default.