I can confirm the potential password issues - HX appears to only include characters 1-14 of the password into the basic auth headers in the HTTP request, regardless of how long the password actually is.     ... View more

Based on your answer, I used the following to extract the domain part and sort by number of occurrences for the top 20: your base search | eval sender_domain=mvindex(split(sender,"@"),-1) | top limit=20 sender_domain ... View more

Just implemented this in my test setup, it does enable access to Splunk without the usual login prompt. However: If you are using this option, make sure that you also only use https to access splunk. In case of http, the url parameters (username and password) are transmitted in clear text. ... View more