Knowledge Management

Community Activity

How to restrict kvstore values based on the timepicker on the dashboard Hi,I have a kvstore with couple of fields. One of the field present is a timestamp field 'StartTime'. I wanted to use... by ebythomaspanick Explorer in Knowledge Management 02-26-2020 0 1	0	1
Tag Event after using workflow action Does anyone know if its possible as part of a workflow action that an event can be tagged? I would love to be able to... by adalbor Builder in Knowledge Management 02-21-2020 0 3	0	3
How to extract info from the middle of the multi line error message For this use case see the message below we like to extract is . I can extract this 1st part ok but can not extra... by SaqibRaheem New Member in Knowledge Management 02-21-2020 0 2	0	2
How to extract a value from a field by ignoring some of the characters? The first query I run is index=sec_proxy_web sourcetype="bluecoat:proxysg:access:syslog" \| top 10 url I have web ... by vigneshit New Member in Knowledge Management 02-20-2020 0 8	0	8
Getting this error "Could not dump KVStore collections. Connection failed." What does this error message mean? 02-10-2020 07:52:50.896 -0500 ERROR MongoModificationsTracker - Could not dump KVS... by spammenot66 Contributor in Knowledge Management 02-20-2020 0 0	0	0
CIM Mapping issue Hi,I'm doing CIM Mapping and the data I have is from Dynatrace. It's JSON format. I had to do Field Extraction to get... by aknsun Path Finder in Knowledge Management 02-19-2020 0 3	0	3
Time difference between 2 fields How can I get the time difference between two fields below TIA by nathanluke86 Communicator in Knowledge Management 02-18-2020 0 4	0	4
90 day average per field using Summary indexing and outputlookup I have a requirement to get the average of the count of the IPs over the last 90 days. I have thought of 2 approaches... by sambit_kabi Path Finder in Knowledge Management 02-17-2020 0 3	0	3
Can we share the data Models present in the indexer server to the search heads which are related to apps? I have added the Splunk DB Connect app on my indexer server and loaded all my inputs to get the tables data and getti... by tadepallikrishn New Member in Knowledge Management 02-17-2020 0 2	0	2
How to tag hosts with a wildcard and search with that tag? Hello all, I dod some reading in the Splunk docs and combed through most of the topics here and I did not find and an... by galindimitrov Explorer in Knowledge Management 02-14-2020 0 7	0	7
Does anyone have splunk file structure diagram Do anyone of you have Splunk directories and file structure diagram with paths to config files similar to the one on ... by vrmandadi Builder in Knowledge Management 02-14-2020 0 7	0	7
Sizing on Smartstore (S3) for local storage The smartstore documentation says the following: "The amount of local storage available on each indexer for cached d... by ajiwanand Path Finder in Knowledge Management 02-14-2020 0 4	0	4
How to extract the given log into one log using props.conf? I am trying to extract the below file into single log, but it got breaks into two or more files in splunk Sample fil... by murali18 Engager in Knowledge Management 02-11-2020 0 3	0	3
Need to assign ip address to a description I need to create a new field called ip_address_location and for each IP address perform an if. So like this: if ip =... by yepyepyayyooo New Member in Knowledge Management 02-11-2020 0 3	0	3
When using splunk backup kvstore command, is the completion status logged, specifically in the case of an error/failure? I'm looking to capture any failures of a kvstore backup that is kicked off from a script. by andysm Engager in Knowledge Management 02-07-2020 2 2	2	2
how to restore bucket Frozendb? Folks, Can you help me please? I'm trying to restore buckets for the month of December 2019 on my Splunk instance. ... by erlindemberg Explorer in Knowledge Management 02-06-2020 0 1	0	1
KVstore / mongodb compact command Is there anyway to get the mongodb COMPACT command run by splunk? We have quite a few kvstores that have used around... by Lucas_K Motivator in Knowledge Management 02-05-2020 2 11	2	11
Splunk: How to backup/restore Splunk's data? Hello, Pls advise how one can backup from an existing splunk (7.0) and restore the saved splunk's data to another new... by htkwan Path Finder in Knowledge Management 02-05-2020 0 1	0	1
Lookup and Correlation Help I have lookup that has 2 columns IP address and hostname , I see output when I run command \| inputlookup serverip.cs... by dmenon Explorer in Knowledge Management 02-04-2020 0 1	0	1
removing excess buckets without id pass i am running cli command "splunk remove excess buckets" to remove excess buckets from cluster master. it is asking fo... by jiaqya Builder in Knowledge Management 02-04-2020 0 2	0	2
Example of how to measure continuous delivery builds? Does anyone have examples of how to use Splunk to measure continuous delivery builds? by sloshburch Ultra Champion in Knowledge Management 02-03-2020 0 2	0	2
How do I extract one set from another? I have something like - index=os_solaris sourcetype=cpu \| stats count by host \| join type=left host [\|search index=... by danielbb Motivator in Knowledge Management 01-31-2020 0 6	0	6
How to efficiently check for missing data? We have been running alerts that periodically check various sourcetypes and notify us if there are zero events found ... by joemiller Path Finder in Knowledge Management 01-31-2020 0 9	0	9
Field Alias: Created multiple but only a few showing up Hey All, I created multiple field aliases for multiple sourcetypes and for each sourcetype I am only seeing a few of... by adalbor Builder in Knowledge Management 01-30-2020 0 1	0	1
Example of how to measure server network usage? Does anyone have examples of how to use Splunk to measure server network usage? by sloshburch Ultra Champion in Knowledge Management 01-29-2020 0 1	0	1