Knowledge Management

Discussions

Thread Info

Data flows between index search and lookups

I have a whole lot of servers data indexed for our project (index=* sourcetype=* source=) that needs to be searched b...

by Loves-to-Learn Lots in

Add field using eval to existing data model field

Hello! I am just starting to work with data models (and eval expressions) and I am a bit stuck. I have a data model ...

by Path Finder in

Why did the KVstore fail to start after using a more secure cipher in server.conf?

The splunk version is 7.1.0. Here is the default cipher from server.conf [sslConfig] sslVersions = tls1.2 sslVers...

by Splunk Employee in

Javascript take splunk username

Hi, I'm trying to get the Splunk user that making changes in kv store. I tried to use the rest call but the User_N...

by Explorer in

outputlookup takes 2 hours to update KVStore table with 2m rows

I'm adding ~2k rows to a KVStore table with 14 fields and ~2 million rows. The outputlookup command takes nearly 2 ho...

by Engager in

Insert field value into macro parameter

Hi everybody, I have this search, using a macro called getImageURL(2): ... table country client artnumber | ev...

by Path Finder in

Summary index timechart no values

I'm trying to set up a summary index using the sitimechart command. I read a lot about it, in the docs and in this ...

by Observer in

Help with Trim Down Win Sec Events - 4624

Hi, I am in need of assistance with trimming down the Win Sec Event 4624 as it is blowing out our licensing. It is ...

by Communicator in

How to pause log generation during downtime in service and track the duration of each pause?

Hi Splunkers, I need to stop a particular service from generating logs in Splunk during downtime, and resume gener...

by Explorer in

Event type creation and AI

We categorize log events using event types and assign them to people to address the issues using tags. Our events ...

by Path Finder in

Summary index for getting every one hour report

HI All , i have a dashboard with 8 panels running in 58 seconds. I am getting data one hour and panel are auto refres...

by Path Finder in

Will summary index work with appendcols?

I have a query that joins the data from two types of log1st search acting on log lines like this: 2020-06-02T10:54...

by Engager in

KVSTORE main uses

collecting data works the same without kvstore installed? what is the advantage to install it in an environment splu...

by Explorer in

How to search in an index conditioned from the summary index.

Hi. I have summary index_sum, which has 2 events, 2 attributes: A1_sum, A2_sum 1590482539, 7722527 1591080961, 772...

by Contributor in

Elapsed time logging in splunk

Hi All, does splunk log the elapsed time automatically ? I am trying to join few different source types in splunk tha...

by Explorer in

mongod - kvstore is not starting

Hi folks, We have custom certificates in our indexer cluster, search head cluster which are expired BUT replicatio...

by Explorer in

Find the earliest event matching startswith using transaction

So I have a log with multiple VPN connection, and some of them reconnect to the same session multiple times a day for...

by New Member in

'have values in at least 20% of the events' what does it mean in simple terms please

What does 'have values in at least 20% of the events' what does it mean in simple terms, please, for interesting fiel...

by New Member in

What datamodel is "windows" tag belong

I always saw these "OS" and "Windows" tags on the eventtypes.conf and tags.conf.It's on the production environment an...

by Builder in

Audit knowledge object usage

Hello, I'm trying to audit knowledge object usage. Is there really no way to log when a knowledge object is called...

by Explorer in

How do I remove duplicate stale hosts from Data Summary?

The problem is that I have duplicate hosts under the Data Summary. I can see that some of them were last seen may 13 ...

by Communicator in

temporarily disable archiving

We need to move our archives to different storage and I'm looking for a way to blast this out to our 48 indexers all ...

by Explorer in

What are ways to optimize splunk license usage?

I'm using splunk enterprise. I need inforation on what are the ways and methods we can use to optimize splunk license...

by New Member in

Volume setting "maxVolumeDataSizeMB" no longer trims non-SmartStore index when sharing volume with SmartStore index

We migrated a single index to SmartStore about 3 months ago. It appears that since upgrading to v8.0.3 recently, that...

by Splunk Employee in

KVstore failed to start v.8.0.3

I had the following alerts after I restarted Splunk from the web interface. These alerts took place on May 5th and I ...

by Communicator in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

Data flows between index search and lookups

Add field using eval to existing data model field

Why did the KVstore fail to start after using a more secure cipher in server.conf?

Javascript take splunk username

outputlookup takes 2 hours to update KVStore table with 2m rows

Insert field value into macro parameter

Summary index timechart no values

Help with Trim Down Win Sec Events - 4624

How to pause log generation during downtime in service and track the duration of each pause?

Event type creation and AI

Summary index for getting every one hour report

Will summary index work with appendcols?

KVSTORE main uses

How to search in an index conditioned from the summary index.

Elapsed time logging in splunk

mongod - kvstore is not starting

Find the earliest event matching startswith using transaction

'have values in at least 20% of the events' what does it mean in simple terms please

What datamodel is "windows" tag belong

Audit knowledge object usage

How do I remove duplicate stale hosts from Data Summary?

temporarily disable archiving

What are ways to optimize splunk license usage?

Volume setting "maxVolumeDataSizeMB" no longer trims non-SmartStore index when sharing volume with SmartStore index

KVstore failed to start v.8.0.3

Splunk App for Anomaly Detection End of Life Announcement

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions