Knowledge Management

Community Activity

Can you help me with the following KV Store error: "Detected unclean shutdown - /home/dbindex/kvstore/mongo/mongod.lock is not empty" Hi, I have several errors related to KV Store as: -Failed to start KV Store process. See mongod.log and splunkd.log... by paola92 Explorer in Knowledge Management 08-03-2021 0 2	0	2
How to delete a correlation search Hi Splunkers.I'm looking for a way to delete a correlation search that has been created with the wrong name (as ES do... by torowa Path Finder in Knowledge Management 07-29-2021 0 4	0	4
Field Alias by sourcetype not working Hi Splunkers.I'm trying to troubleshoot an issue with field aliases based on a particular sourcetype.1) Field alias w... by torowa Path Finder in Knowledge Management 07-28-2021 0 5	0	5
Can you do a multiline eval command in a datamodel for an eval field? Whenever I've created eval fields before in a data model they're just a single command. Is it possible to do a multil... by ebs Communicator in Knowledge Management 07-28-2021 0 2	0	2
How do I change the event boundaries of a syslog file from the mainframe Hi! I created a new sourcetype (syslog_sic) because I have a syslog file coming from the mainframe with multiple lin... by usernamejpblais Engager in Knowledge Management 07-27-2021 0 5	0	5
convert this to data model query using tstats (index=* OR index=_) (((index=azuread )) NOT (action=success user=$)) \| eval action=if(isnull(action) OR action="",... by Pradz18 Loves-to-Learn Everything in Knowledge Management 07-26-2021 0 0	0	0
Exporting existing Splunk Configuration We are trying to develop Monitoring as Code application. So, to start with we want to export existing Splunk Configur... by anshulgargamway New Member in Knowledge Management 07-19-2021 0 0	0	0
Difference between using xmlkv and KV_MODE=xml Hi, I am getting inputs in the form of xml files.. To extract the fields from xml, do i need to use xmlkv in search o... by pasokkum Path Finder in Knowledge Management 07-15-2021 0 2	0	2
Question on extract the fields from the lines following a particular string Hi,I would like to extract the details that is present in the event followed by the event which the search string is ... by prettysunshinez Explorer in Knowledge Management 07-14-2021 0 1	0	1
How do I find a list of Built-in (pre-installed) Apps & Add-ons that come with Splunk Ent. & Splunk ES Please help me find a list of pre-installed Apps & TAs that come with Splunk Enterprise & Splunk ES. Thank u in advan... by SamHTexas Builder in Knowledge Management 07-09-2021 0 6	0	6
[Smartstore] How to deal with Multi-site - when sites are in different AWS region? We are planning out migration to SmartStore within AWS Currently, we are running on a multi-site cluster on EC2 insta... by rbal_splunk Splunk Employee in Knowledge Management 07-05-2021 0 2	0	2
Windows Deployments Server error on Linux Search Head Hi Guys,We use 3 Search Heads (cluster-linux boxes) with 2 Deployment boxes (1-PROD, 1-QA, Win 2012R2-32GB RAM Each) ... by neeravmathur Path Finder in Knowledge Management 07-01-2021 0 7	0	7
Agent version grouping by OS I have many agent versions and each row is displayed as the different version... Like the query is telling it to do. ... by jcorcoran508 Path Finder in Knowledge Management 06-30-2021 0 2	0	2
Splunk UF agent version with linux operating system os_release spl I have been trying for 2 days to get the proper syntax for get the UF agent version along with the RHEL os_release ... by jcorcoran508 Path Finder in Knowledge Management 06-30-2021 0 1	0	1
How to migrate knowledge objects (alerts, reports, dashboards etc) from Splunk cloud (prod) to Splunk cloud (non prod)? I have a Splunk cloud environment (production) from which I want to migrate all my knowledge objects to my non-prod S... by Sumana21 Engager in Knowledge Management 06-28-2021 0 1	0	1
How to Overwrite Private App Dashboard in Splunk Cloud We have two Splunk environments: Splunk Enterprise and Splunk Cloud. Splunk Cloud is our production system. Splunk ... by edgarrity Path Finder in Knowledge Management 06-25-2021 0 2	0	2
Splunk History Hi there,I am just wondering if Splunk> is currently the only Splunk provider out there? Are there any other companie... by ameliasydneysmi New Member in Knowledge Management 06-23-2021 0 2	0	2
list all datamodels with the feeds (index, sourcetype) Is there an easy way of showing list of all used datamodels and with which are coming in (index, sourcetype)? So far ... by ecanmaster Explorer in Knowledge Management 06-23-2021 2 6	2	6
In summary index trailing char "=" of field values are stripped I create summary index and I have some values as encrypted string example: applicant.msisdn="oaXjWo017vONwgUvO1WBvg==... by clagese Explorer in Knowledge Management 06-17-2021 0 2	0	2
Daniel Pico Buen Dia Splunk,Dese conocer el proceso exacto, para poder iniciar mi curso de aprendizaje en SALES ENGINEER 1 y como... by dpico New Member in Knowledge Management 06-15-2021 0 1	0	1
Splunk fsck repair - cancelation Hi All,I recently started a fsck repair on all buckets for a particular index on one of my clustered indexers. Unfort... by rquish94 Explorer in Knowledge Management 06-11-2021 0 0	0	0
Pivot does not appear to return all expected fields from the report Looking at a report generated by a pivot on a data model, in the report we get about 2.3 million events back every ti... by bfreese Engager in Knowledge Management 06-07-2021 0 0	0	0
Update kvstore Good morning,We are trying to use a kvstore to store data when performing a query to later query it in a dashboard.Th... by javier_reina Explorer in Knowledge Management 06-04-2021 0 3	0	3
summary indexes + metrics in Splunk 7.0.0 Hi, We currently use 6.6.2 and we rely on summary indexes to avoid recalculation of old data. We want to evaluate ... by ykpramodhcbt Path Finder in Knowledge Management 05-24-2021 0 5	0	5
How do I check my KV store size? I have a search head cluster and one of my searches is consuming full memory, which is running only in KV store, not ... by khusain_splunk Splunk Employee in Knowledge Management 05-18-2021 0 3	0	3