Knowledge Management

Ask a Question

Discussions

Thread Info

How to index summary indexes on a Search Head locally, and forward all other data to the indexer?

Does anyone have any config pointers for the following scenario: We have a Search Head, and it runs apps that gene...

by Motivator in

Slow search for squid for a 30 days report

hi all, i have a problem with a squid search, it is very very slow (over 30 minutes to load) the search is this: s...

by Path Finder in

Eventtype best practices?

the splunk CIM discusses the use of tags to help identify log entries according to an object/action/status formula - ...

by Path Finder in

summary index event date and sourcetype

when i create a summary index for the speed benefit and to filter results there are two main things i lose. Each ...

by Contributor in

Using a transaction result to feed another search

Summary I have a common field shared between two events which is a phone number. One event has details about the t...

by Path Finder in

Why is initial summary screen slower on 4.2?

I am running parallel installs of 4.1 & 4.2. The 4.2 initial summary dashboard seems to be slower than 4.1.x. Why is ...

by Splunk Employee in

Configurable Location for Summary Index Possible?

Can summary indexes, aka stash files, be stored somewhere other than $SPLUNK_HOME/var/spool/splunk/_.stash? Specifica...

by Communicator in

Summary index for sorted results

I want to show our worst performing access log results. Having broken it down to fields including timetaken for a tim...

by Path Finder in

how to read the content of a file with splunk?

Hi I've got files that I've got to read, and when there is a file with ERROR or WARNING in it, i've got to send an...

by Explorer in

How to use summary indexes when max transaction span exceeds reporting interval

I am trying to use transactions to better summarize what is going on in sessions. sourcetype="blah" response="200"...

by Path Finder in

Can I increase the number of backfill threads higher than 16

Is there a way to increase the number of maximum threads that the backfill script will use to a value higher than 16?

by Path Finder in

Can I use "sistats median(x)" to build a histogram of x?

If I have a summary indexing search like this: .... | sistats median(x) I get a list of values and counts in a...

by Super Champion in

Using collect for summary indexing not working

I have a search that produces a table. I am piping that search to: | collect index=vulnerabilities When the searc...

by Communicator in

the 500MB/day indexing volume of the free splunk

Hi, Let's suppose that my free splunk server will receive more that 500MB/day of syslog messages (through the TCP ...

by New Member in

free splunk and the TCP data inputs

Hi, The TCP data input is working on the free splunk 4.1.6 version? (meaning after the first 60 days) Thanks, ...

by New Member in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

How to index summary indexes on a Search Head locally, and forward all other data to the indexer?

Slow search for squid for a 30 days report

Eventtype best practices?

summary index event date and sourcetype

Using a transaction result to feed another search

Why is initial summary screen slower on 4.2?

Configurable Location for Summary Index Possible?

Summary index for sorted results

how to read the content of a file with splunk?

How to use summary indexes when max transaction span exceeds reporting interval

Can I increase the number of backfill threads higher than 16

Can I use "sistats median(x)" to build a histogram of x?

Using collect for summary indexing not working

the 500MB/day indexing volume of the free splunk

free splunk and the TCP data inputs

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

I'm inputting all the information correctly, but t...

identity automatic lookup does not work

Tags allow list CIM Setup are blank after upgrade

Tagging "url" in Web Data Model

How to match an array of CVEs into CIM CVE field?