ThreatHunting
fixes for the savedsearches
- Made some changes to the savedsearches schedule, because in many environments 134 searches at the same time will cause a lot of skipped searches. Now only 9 searches will be done at the same time.
- Renamed the [T1047] searches, changing "Windows Management Instrumentation" to "WMI" in the search name. There is a limit of 100 characters for a search name; if you try to edit these searches via the GUI you get an error that the search name is too long and you cannot save your changes.
- Updated the change log with the above.
- Bumped the version in app.conf to 1.4.1.
Thanks for the pull request! Appreciate you taking the time to contribute. Wouldn't the already added schedule_window = auto also address this?
No problem! Unfortunately not enough, from what I have seen. I had an installation that had a lot of skipped searches at exactly every 15 minutes. When I spread out the searches there were no more skipped searches. This is probably because on a Splunk ES search head there are a lot of searches on a */5 cron schedule.
A way to solve it with ..
I was just looking at outstanding pull requests. Have y'all seen the allow_skew feature in savedsearches.conf? I don't know which version of Splunk allow_skew was introduced with, but it seems like that would be a nice option over having to hard-code offsets among scheduled searches. That said, it looks like those offsets were merged outside of this pull request at some point, so it also seems this pull request could be closed.
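The PR description says the 134 searches were spread out so that at most 9 run at the same time, and the last comment points at allow_skew as a way to get the same effect without hard-coding offsets. The script below is an added example of the hard-coded-offset approach as a repeatable transform, not code from the ThreatHunting app or this pull request. It assumes the searches to spread use a "*/15 * * * *" cron_schedule (as the thread describes) and rewrites each to "<offset>-59/15 * * * *" so that batches of at most max_per_slot searches land on distinct minutes; the stanzas from make_sample_conf() are constructed sample data, not the app's real searches.

```python
"""Spread the cron schedules in a Splunk savedsearches.conf so that at
most `max_per_slot` searches fire on the same minute.

Added example for this pull-request discussion; it is not code from the
ThreatHunting app. Assumptions: the searches to spread use a
"*/N * * * *" cron_schedule (N = 15 here, as in the PR), and each is
rewritten to "<offset>-59/N * * * *" so the set is staggered over up to
N distinct minutes. The stanzas produced by make_sample_conf() are
constructed sample data, not the app's real searches.
"""
import re
from collections import Counter

STANZA_RE = re.compile(r"^\[(.+)\]\s*$")
# Matches "cron_schedule = */15 * * * *", capturing prefix, step and the
# remaining four cron fields.
CRON_RE = re.compile(r"^(cron_schedule\s*=\s*)\*/(\d+)(\s+\S.*)$")


def make_sample_conf(count):
    """Build a constructed savedsearches.conf with `count` stanzas that
    all run on */15, the situation the PR describes."""
    stanzas = []
    for i in range(count):
        stanzas.append(
            f"[sample search {i:03d}]\n"
            "cron_schedule = */15 * * * *\n"
            "schedule_window = auto\n"
            "enableSched = 1\n"
            "search = index=windows EventCode=4688 | stats count by New_Process_Name\n"
        )
    return "\n".join(stanzas)


def spread_schedules(conf_text, max_per_slot=9):
    """Rewrite cron_schedule lines so that only `max_per_slot` searches
    share one minute offset. Returns (new_conf_text, {stanza: offset})."""
    out, offsets = [], {}
    assigned = 0          # number of cron lines rewritten so far
    stanza = None
    for line in conf_text.splitlines():
        m = STANZA_RE.match(line)
        if m:
            stanza = m.group(1)
            out.append(line)
            continue
        m = CRON_RE.match(line)
        if m and stanza is not None:
            prefix, step, rest = m.group(1), int(m.group(2)), m.group(3)
            # Hand searches out in batches of max_per_slot; each batch
            # takes the next minute offset, wrapping after `step` offsets
            # because a */15 schedule only has 15 distinct start minutes.
            offset = (assigned // max_per_slot) % step
            assigned += 1
            offsets[stanza] = offset
            sched = f"*/{step}" if offset == 0 else f"{offset}-59/{step}"
            out.append(f"{prefix}{sched}{rest}")
            continue
        out.append(line)  # every other line is passed through untouched
    return "\n".join(out), offsets


def busiest_slot(offsets):
    """Largest number of searches that share one minute offset."""
    return max(Counter(offsets.values()).values()) if offsets else 0


if __name__ == "__main__":
    before = make_sample_conf(134)
    after, offsets = spread_schedules(before, max_per_slot=9)
    print(f"{len(offsets)} searches; busiest minute now runs {busiest_slot(offsets)}")
    print(after[:300])
```

With 134 searches and a batch size of 9 the script uses 15 offsets (0 through 14), so every */15 minute now carries at most 9 searches instead of all 134. Where allow_skew in savedsearches.conf is available, as the last comment notes, letting the scheduler randomize start times within the period achieves the same spreading without baking offsets into the cron strings, which is easier to maintain across future search additions.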