Knowledge Management

Community Activity

mongod - kvstore is not starting Hi folks, We have custom certificates in our indexer cluster, search head cluster which are expired BUT replication i... by PramodhKumar Explorer in Knowledge Management 06-01-2020 0 0	0	0
Find the earliest event matching startswith using transaction So I have a log with multiple VPN connection, and some of them reconnect to the same session multiple times a day for... by nkgon New Member in Knowledge Management 06-01-2020 0 1	0	1
'have values in at least 20% of the events' what does it mean in simple terms please What does 'have values in at least 20% of the events' what does it mean in simple terms, please, for interesting fiel... by hjainreddy New Member in Knowledge Management 05-31-2020 0 3	0	3
What datamodel is "windows" tag belong I always saw these "OS" and "Windows" tags on the eventtypes.conf and tags.conf.It's on the production environment an... by jadengoho Builder in Knowledge Management 05-28-2020 0 3	0	3
Audit knowledge object usage Hello, I'm trying to audit knowledge object usage. Is there really no way to log when a knowledge object is called?... by ddelmont Explorer in Knowledge Management 05-27-2020 0 1	0	1
How do I remove duplicate stale hosts from Data Summary? The problem is that I have duplicate hosts under the Data Summary. I can see that some of them were last seen may 13 ... by splunktrainingu Communicator in Knowledge Management 05-27-2020 0 2	0	2
temporarily disable archiving We need to move our archives to different storage and I'm looking for a way to blast this out to our 48 indexers all ... by jarush Explorer in Knowledge Management 05-22-2020 0 1	0	1
What are ways to optimize splunk license usage? I'm using splunk enterprise. I need inforation on what are the ways and methods we can use to optimize splunk license... by aswinkumar6 New Member in Knowledge Management 05-21-2020 0 1	0	1
Volume setting "maxVolumeDataSizeMB" no longer trims non-SmartStore index when sharing volume with SmartStore index We migrated a single index to SmartStore about 3 months ago. It appears that since upgrading to v8.0.3 recently, that... by rbal_splunk Splunk Employee in Knowledge Management 05-20-2020 0 1	0	1
KVstore failed to start v.8.0.3 I had the following alerts after I restarted Splunk from the web interface. These alerts took place on May 5th and I ... by splunktrainingu Communicator in Knowledge Management 05-15-2020 0 1	0	1
Calc field I want to perform calc on following Number of disable account Region Disable AccHK Yes AAHK No BAUS No AAUK No DA eva... by keyu921 Explorer in Knowledge Management 05-13-2020 0 1	0	1
Create summary index to count events by sourcetype every hour Trying to create a scheduled report, to fire off a search and populate a summary index. Just want counts for each sou... by joesrepsolc Communicator in Knowledge Management 05-11-2020 0 1	0	1
What happens if you leave SmartStore? If I have data in S3 for SmartStore, what happens to that index data if I decide to stop using SmartStore?Will that d... by bdefalco New Member in Knowledge Management 05-07-2020 0 1	0	1
What is the least expensive way of removing multiple substrings from a string, and can I do it within a data model? Hello, My objective is to clean three distinct substrings from a comma delimited string. Those substrings may all be ... by andrewtrobec Motivator in Knowledge Management 05-06-2020 0 1	0	1
license_usage.log key Hi I am trying to understand what is the below for in license_usage.log and how I can find it's configuration 05-06... by rayar Contributor in Knowledge Management 05-06-2020 0 7	0	7
CIM complaince indexes list I am wondering is there any method to list out CIM compliance indexes on demand through SPL query ? by saikiran334 Explorer in Knowledge Management 05-04-2020 0 2	0	2
kvstore, inputlookup and time-bounds I'm trying to set up a kvstore lookup where the results from inputlookup can be filtered using the regular time-picke... by lfrit New Member in Knowledge Management 05-02-2020 0 5	0	5
Anyone using (disk_queue_length) instead of %_disk_time for disk metrics??? Hey Splunkers, Just wondering if anyone had some cool suggestions for better disk metrics We are currently using %_... by spluzer Communicator in Knowledge Management 04-30-2020 0 0	0	0
Pros/cons of using "owner = nobody" as related to Splunk quotas We have a number of jobs running as "admin" that run and create large temporary files on disk and when the disk quota... by dglinder Path Finder in Knowledge Management 04-29-2020 3 3	3	3
How to fix misleading "What to search"/Data Summary in Search & Reporting? I have been working with new inputs for a testing environment and I noticed that one point the Data Summary said that... by ricotries Communicator in Knowledge Management 04-29-2020 0 3	0	3
restore deleted file - lookup table Is it possible to restore a deleted lookup table and its related lookup definition / automatic lookup? by user93 Communicator in Knowledge Management 04-23-2020 0 2	0	2
Delayed/Offset Datamodel Acceleration I have a large set of data that comes in to splunk regularly but on couple days delay. It needs to be accelerated to ... by bkeif Path Finder in Knowledge Management 04-20-2020 0 0	0	0
Create a wildcard string from cidr values for TERM matching Create a wildcard string for a TERM match to a cidr or list of cidrs. This way you can search indexes or datamodels l... by landen99 Motivator in Knowledge Management 04-20-2020 0 1	0	1
[Smartstore]Is maxVolumeDataSizeMB relevent for mixed local and remote index cluster I wanted to get confirmation on how space is managed on a mixed local and remote index cluster. I know that maxVolume... by rbal_splunk Splunk Employee in Knowledge Management 04-19-2020 0 2	0	2
Is there any KV Store Limits setting Documentation?? It would appear from the docs that there are a number of kvstore limits.conf settings that can be tweaked. However, t... by pj Contributor in Knowledge Management 04-18-2020 3 3	3	3