Knowledge Management

Community Activity

When to use KV Store vs Index? I'm working on a TA that pulls new domains from an API once per day and stores them in a KV store. I use this KV stor... by wesleya Explorer in Knowledge Management 10-16-2019 0 1	0	1
How to complete Splunk Migration from 3 different instances to a new instance? Hi Splunkers, We have to migrate our 3 Splunk instances to a whole different new instance. Since Splunk documentatio... by Mansi24 Path Finder in Knowledge Management 10-16-2019 0 1	0	1
Is there any reason to keep the KVstore on? All, Is there any reason I should keep the KVstore on if I am not using it? Can anyone link me ot how the kvstore w... by daniel333 Builder in Knowledge Management 10-16-2019 0 2	0	2
Splunk FSCK exitCodes Hi, does anybody have a list of Human readable reasons to the splunk fsck exitCodes? Specifically 17 and 3. Or where... by effem Communicator in Knowledge Management 10-16-2019 0 3	0	3
Is it possible to schedule the rebuild of an accelerated data model? Hello everyone, It recently came to my attention that data coming from a lookup within my accelerated data model was... by andrewtrobec Motivator in Knowledge Management 10-10-2019 1 2	1	2
Hunk - Data Model Acceleration - Parquet files getting deleted I was trying out datamodel acceleration with Hunk (latest version). This is how my datamodel.conf looks: cat etc/app... by prvnks New Member in Knowledge Management 10-10-2019 0 3	0	3
Search optimization question Hi all, I had some trouble with a search but got it to work. But the search istelf isn't that "clean" I suppose. Som... by jonydupre Path Finder in Knowledge Management 10-10-2019 0 1	0	1
rebuild the buckets after coping to thaweddb from frozendb but not searchable Hello, we copied the buckets from frozendb to thaweddb and rebuild them. the data is searchable from that particular... by sathwikr076 Communicator in Knowledge Management 10-08-2019 0 1	0	1
alert in datamodel Hi Splunk Team I see this message on my entire datamodel, how can I fix it? "This object has no explicit index constr... by vumanhtai Path Finder in Knowledge Management 10-06-2019 0 2	0	2
calculate request count and duration in a single summary index I'm like to collect two pieces of information from wildfly access logs in a single summary index: the number of aver... by badtakemonger New Member in Knowledge Management 10-02-2019 0 1	0	1
splunk best practise network interface dashboard is there a best practise way for a meaningful real time network interface performance counter or network perfmon to s... by germeister18 Engager in Knowledge Management 10-01-2019 0 0	0	0
How to get kvstore values with the command rest? Hi all, I'm currently retrieving lookups from another SH in this way: \| rest splunk_server=server_name splunk_serve... by pbalbasm Path Finder in Knowledge Management 09-30-2019 0 2	0	2
Splunk macro in search string I created a Macro with name auth(1), app is ES, argument is src and the definition is \| from datamodel:"Authenticat... by karthikmalla Explorer in Knowledge Management 09-29-2019 0 3	0	3
Why are collected events in a summary index losing milliseconds from _time in Splunk 6.2.1? I collect some events into a summary index with something like this: ... some search ... \| rex ... \| eval ... \| fiel... by arkadyz1 Builder in Knowledge Management 09-27-2019 7 4	7	4
kvstore query via Python SDK on Windows is slow It seems like the python SDK for Windows is timing out when trying to connect to the host. I have a rest endpoint tha... by David Splunk Employee in Knowledge Management 09-26-2019 0 1	0	1
Splunk app and best practices for indexing I am developing a Splunk app and just wanted to hear for someone what is considered to be the best practice when it c... by mlstom New Member in Knowledge Management 09-25-2019 0 2	0	2
Which servers should have the Web Interface enabled in a distributed/clustered environment? Hello all, So I have a distributed/clustered environment. By default, I left all web interfaces enabled on all the s... by R_B Path Finder in Knowledge Management 09-25-2019 1 3	1	3
How can I find out which users have launched Microsoft Office Applications My CIO has requested a report that shows each user (or at least the number of users) that has launched an application... by smithjl New Member in Knowledge Management 09-19-2019 0 2	0	2
Self Servicing on Splunk - deploying TAs? All, I have been asked to make Splunk more self service. The first ask from management is that our developers be ab... by daniel333 Builder in Knowledge Management 09-19-2019 0 0	0	0
Multiple time frame search with one of the time frames not utilizing brackets within a macro I have a solution that uses api called macros that prefix the time frame to the search. ie. earliest="03/14/2019:00:... by Lucas_K Motivator in Knowledge Management 09-18-2019 0 0	0	0
What are the fields counts in the CIM Validator app? Not sure what Total fields, Issue fields, CIM Compliance (all DM fields) and CIM Compliance (recommended fields) mean... by danielbb Motivator in Knowledge Management 09-17-2019 0 2	0	2
Enterprise Security: how does the TA determine that a certain index/event-set is cim compliant? How does the TA determine that a certain index/event-set is cim compliant? Does it require all the fields to match or... by danielbb Motivator in Knowledge Management 09-17-2019 0 11	0	11
Where did the Splunk blog site go? Links to Splunk blogs like blogs.splunk.com and www.splunk.com/blog result in 404 error. Oops? Migration in progress?... by gregharms Explorer in Knowledge Management 09-16-2019 0 3	0	3
Summary Index has Duplicates I have a search I created that runs for the last 5 minutes. I scheduled this to run every 5 minutes to update a summa... by aohls Contributor in Knowledge Management 09-16-2019 0 2	0	2
AWS Smart Store - how is data searched in s3 vs local? If we are using AWS smart store for all our splunk data, and we set the recency/no evict to some number (let’s say a ... by jtm7x2 Explorer in Knowledge Management 09-13-2019 0 2	0	2