Knowledge Management

Discussions

Thread Info

How do I remove duplicate stale hosts from Data Summary?

The problem is that I have duplicate hosts under the Data Summary. I can see that some of them were last seen may 13 ...

by Communicator in

temporarily disable archiving

We need to move our archives to different storage and I'm looking for a way to blast this out to our 48 indexers all ...

by Explorer in

What are ways to optimize splunk license usage?

I'm using splunk enterprise. I need inforation on what are the ways and methods we can use to optimize splunk license...

by New Member in

Volume setting "maxVolumeDataSizeMB" no longer trims non-SmartStore index when sharing volume with SmartStore index

We migrated a single index to SmartStore about 3 months ago. It appears that since upgrading to v8.0.3 recently, that...

by Splunk Employee in

KVstore failed to start v.8.0.3

I had the following alerts after I restarted Splunk from the web interface. These alerts took place on May 5th and I ...

by Communicator in

Calc field

I want to perform calc on following Number of disable account Region Disable AccHK Yes AAHK No BAUS No AAUK No DA ...

by Explorer in

Create summary index to count events by sourcetype every hour

Trying to create a scheduled report, to fire off a search and populate a summary index. Just want counts for each sou...

by Communicator in

What happens if you leave SmartStore?

If I have data in S3 for SmartStore, what happens to that index data if I decide to stop using SmartStore?Will that d...

by New Member in

What is the least expensive way of removing multiple substrings from a string, and can I do it within a data model?

Hello, My objective is to clean three distinct substrings from a comma delimited string. Those substrings may all ...

by Motivator in

license_usage.log key

Hi I am trying to understand what is the below for in license_usage.log and how I can find it's configuration 05-...

by Contributor in

CIM complaince indexes list

I am wondering is there any method to list out CIM compliance indexes on demand through SPL query ?

by Explorer in

kvstore, inputlookup and time-bounds

I'm trying to set up a kvstore lookup where the results from inputlookup can be filtered using the regular time-picke...

by New Member in

Anyone using (disk_queue_length) instead of %_disk_time for disk metrics???

Hey Splunkers, Just wondering if anyone had some cool suggestions for better disk metrics We are currently usin...

by Communicator in

Pros/cons of using "owner = nobody" as related to Splunk quotas

We have a number of jobs running as "admin" that run and create large temporary files on disk and when the disk quota...

by Path Finder in

How to fix misleading "What to search"/Data Summary in Search & Reporting?

I have been working with new inputs for a testing environment and I noticed that one point the Data Summary said that...

by Communicator in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

How do I remove duplicate stale hosts from Data Summary?

temporarily disable archiving

What are ways to optimize splunk license usage?

Volume setting "maxVolumeDataSizeMB" no longer trims non-SmartStore index when sharing volume with SmartStore index

KVstore failed to start v.8.0.3

Calc field

Create summary index to count events by sourcetype every hour

What happens if you leave SmartStore?

What is the least expensive way of removing multiple substrings from a string, and can I do it within a data model?

license_usage.log key

CIM complaince indexes list

kvstore, inputlookup and time-bounds

Anyone using (disk_queue_length) instead of %_disk_time for disk metrics???

Pros/cons of using "owner = nobody" as related to Splunk quotas

How to fix misleading "What to search"/Data Summary in Search & Reporting?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

identity automatic lookup does not work

Tags allow list CIM Setup are blank after upgrade

Tagging "url" in Web Data Model

How to match an array of CVEs into CIM CVE field?

Is there a rest api or any curl command through w...