Knowledge Management

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do I prevent the collect command from flattening multivalue fields when writing into a summary index?

I want to write transactions with full list of pages accessed into summary index in this manner: ... | transaction...

by Communicator in

Is it possible to have optional arguments in search macros?

Hello, I'm reading about search macros, and I was wondering if there was a way to have optional arguments? From wh...

by Communicator in

How do I use the event type to highlight all events, not just the left side?

how can i use the event type to highlight all events, not just to highlight the left side ?

by Explorer in

Unexpected search results... How do parentheses, OR, and NOT work in search language?

How do parentheses, OR, and NOT work in search language? If I do something like... ( source=foo "somesearchterm" )...

by Builder in

How to quit summary backfill script?

I was running a backfill script and it seems to have got hung up. How can I quit the script? Will pkill -f fill_su...

by Builder in

Splunk 6.2 mongod does not seem to shut down when initiating a restart

Having issues with some members of our 6.2 platform where issuing a splunk restart ends up not being able to complete...

by Contributor in

How to edit my search to create a summary index?

I am trying to make a summary index for data in April 2014. Using the current default search and joins, and to que...

by New Member in

Why am I not able to get any dynamic content using the collect command with the marker option?

Hey, I am trying to use collect together with the marker-Option. Unfortunately I am not able to get any dynamic co...

by Contributor in

Creating a Tag no longer available!

The way to tag a field is no longer available under my new version of Splunk. Is there a way to restore this tag capa...

by Path Finder in

Is it possible to group results by their tag?

I'd have a number of servers that are tagged with a category of the system owner. Can I use these tags to group the r...

by Contributor in

Run Collect command from python giving error

Hi I am trying to run collect command from python script. Below is my command: check_output("%s search \"| savedse...

by Explorer in

Why am I getting this error? - "Error in 'outputlookup' command: The lookup table 'Permission denied for collection 'mycollection'' is invalid."

I'm attempting to create my first kvstore collection and I get this error when I try to write to the collection. E...

by Explorer in

Knowledge Management

Discussions

How do I prevent the collect command from flattening multivalue fields when writing into a summary index?

Is it possible to have optional arguments in search macros?

How do I use the event type to highlight all events, not just the left side?

Unexpected search results... How do parentheses, OR, and NOT work in search language?

How to quit summary backfill script?

Splunk 6.2 mongod does not seem to shut down when initiating a restart

How to edit my search to create a summary index?

Why am I not able to get any dynamic content using the collect command with the marker option?

Creating a Tag no longer available!

Is it possible to group results by their tag?

Run Collect command from python giving error

Why am I getting this error? - "Error in 'outputlookup' command: The lookup table 'Permission denied for collection 'mycollection'' is invalid."

Scheduled searches for summary index does not run. No skipped log in scheduler.log

Can tags be set in bulk?

How to schedule summary searches with "dependencies"?

datamodel acceleration (TSIDX) & user grants on index

Why am I getting errors trying to access kvstore endpoint from a django view?

How to delete data from the data model and force it to rebuild ?

How to migrate field aliases from one Splunk instance to another?

fill_summary_index.py is not doing dedup

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >

Splunk for ISeries - AS400

Reset knowledge object permissions to app default

Does SPLUNK work with a SaaS Application like OTM ...

Time Picker to filter data not working for externa...

Files under kvstore directory