Knowledge Management

Ask a Question

Discussions

Thread Info

KV Store overwrite failing (append=false)

Hello, It's not the first time that I notice this issue, but I cannot find a workaround this time. I'm trying to o...

by Explorer in

"Fatal thread error: pthread_mutex_lock: " when persistent queue enabled. Crashing thread: typing

Heavy forwarder or indexer crashes with FATAL error on typing thread. Note: Issue is now fixed for next 9.2.2/9...

by Splunk Employee in

How to set the timestamp when using the collect command?

I am searching yesterday's data and trying to insert it into an index for reporting purposes. I need to take multiple...

by Path Finder in

Is it possible to take splunk Admin certification after Splunk power user certification expired?

by Explorer in

CSV Field indexing

Hello, I have a CSV file that I monitor via the Universal Forwarder (UF). I’m encountering an issue where sometimes...

by Builder in

Need help on rex

We have json logs, from the below logs we need to get the rex for the failures count which is mentioned in the logs l...

by Explorer in

Select Entitlement combo empty when trying to create a case at official support

HiI am trying to create a case at your official support.Our user is "unionub".Required Input field "Select Entitlemen...

by Builder in

Unable to load dashboard. Please reload the page to try again.

Hi, For a few days now, my Splunk Dashboard shortcut has been displaying an error when I connect with the administr...

by Explorer in

How to get the mapping relationship between data models and indexes?

Hello Guys, I wonder if there's any query that can list the mapping information between the existing data models a...

by Path Finder in

What does restart background jobs do?

Is this a per profile basis?Per cluster basis?how does this restart back?

by Explorer in

Indexes not saving past 2 weeks.

I want to start of by saying I am extremely new to splunk, so please bear with me, I'm not sure at all if I'm on the ...

by Loves-to-Learn in

Calling Custom Commands and returning data to an Eval

I have a custom command that calls a script for nslookup and returns the data to splunk. All of it is working but I w...

by Loves-to-Learn Everything in

19 digit epoch time not being honored

I have a field called eventtime in my logs, but the time is 19 characters long in epoch time (which goes to nanosecon...

by Explorer in

SmartStore Eviction Failure

Hello,I am experiencing a periodic issue with smartstore where a bucket will try to be evicted then proceeds to fail ...

by Engager in

Error installing Splunk 9.3 on RHEL 8 server

Hello! I am trying to upgrade to the latest version of Splunk Enterprise 9.3 on a RHEL 8 server, but I am getting t...

by Path Finder in

Kvstore Status:failed

Hi all, Please help. I have a AIO Splunk Enterprise Ver: 8.1.2 setup running on windows server, i have done the ...

by Explorer in

How to append on existing gz lookup file without temporary file

Hi Team, I have many(10+) large csv lookup files (200MB) being referred in multiple places. To improve optimisation...

by New Member in

Fields using regular expressions

I would like to automatically extract fields using props.conf.When there is a pattern like the one below, what I want...

by Path Finder in

Recover all fields in a Splunk environment

Hi Splunkers, I have the following tasks: I need to compare 2 different Splunk instances, that should be deployed in ...

by Contributor in

Solutions: "Splunk could not get the description for this event"

If you find issue happens after windows server is restarted. Restarting splunk universal forwarder fixes the issue. T...

by Splunk Employee in

shift-jisのCHARSETについて

お世話になります。 SplunkWebからソースタイプを作成する際にCHARSETの項目から、様々な文字コードを宣言できますが、shift-jis形式の文字コードだけでも SHIFT-JISやSJISなどの複数のパターン...

by Explorer in

Restore Datasets in a Data Model from an App

(Hard sometimes to think of a good salutation that isn't boring or awkward, so fill in what you like here.),I acciden...

by Communicator in

After upgrade to 9.1.x and above overall increased system memory usage

While there can be so many reasons for memory growth, one of the reason could be increased memory usage by idle searc...

by Splunk Employee in

Routing events on UF for sourcetypes with INDEXED_EXTRACTIONS set

Can we apply following example on UF? Keep specific events and discard the rest https://docs.splunk.com/Documenta...

by Splunk Employee in

Skipped searches

Hi All, I am working on skipped searches, what is the difference between below 2? 1) The maximum number of concur...

by Builder in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

KV Store overwrite failing (append=false)

"Fatal thread error: pthread_mutex_lock: " when persistent queue enabled. Crashing thread: typing

How to set the timestamp when using the collect command?

Is it possible to take splunk Admin certification after Splunk power user certification expired?

CSV Field indexing

Need help on rex

Select Entitlement combo empty when trying to create a case at official support

Unable to load dashboard. Please reload the page to try again.

How to get the mapping relationship between data models and indexes?

What does restart background jobs do?

Indexes not saving past 2 weeks.

Calling Custom Commands and returning data to an Eval

19 digit epoch time not being honored

SmartStore Eviction Failure

Error installing Splunk 9.3 on RHEL 8 server

Kvstore Status:failed

How to append on existing gz lookup file without temporary file

Fields using regular expressions

Recover all fields in a Splunk environment

Solutions: "Splunk could not get the description for this event"

shift-jisのCHARSETについて

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased system memory usage

Routing events on UF for sourcetypes with INDEXED_EXTRACTIONS set

Skipped searches

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Community Content Calendar, September edition

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions