Knowledge Management

Discussions

Thread Info

Cleaning up orphaned searches and reports

We migrated search heads and there was content in user directories from users that have since quit, and therefore no ...

by Builder in

Eventtype 'windows_account_created' does not exist or is disabled.

I've given read permissions for macro, app, eventtype, everything I can think of, to the role and/or everyone. This s...

by Explorer in

7.2.xへのアップグレード時にKVStoreのエラーが表示されます

Splunkを 7.2.1 から 7.2.3 にアップグレードする際、マイグレーションスクリプト実行中に下記のエラーが表示され、アップグレードに失敗してしまいます。 ERROR while running mongo...

by Splunk Employee in

URL truncated

It looks like the field extraction for sourcetypes reques field is cutting some URLs short. URL return is truncated .

by Loves-to-Learn Everything in

Can you add data models to the Splunk Common Information Model (CIM) app?

I haven't been able to find an answer to this in the documentation. Can you add data models to the Splunk Common Info...

by Communicator in

Can you set permissions in bulk for all macros in an app or TA?

Can you set permissions in bulk for all macros in an app or TA? I want to set all macros in the Windows AD app to rea...

by Explorer in

[smartStore] Configuring remote storage on indexes results repeat many times?

After configuring remote storage on indexes, We are observing duplicate results. Sometime result repeat many times

by Splunk Employee in

Are there summary index naming convention standards?

So I need to set up a summary index for our reporting team to do our monthly reports. Are there any naming convention...

by Path Finder in

add devices into multiple groups

We have 10 different sites and I would like to create a group for each site. For example, I want to add SITE-A dev...

by Explorer in

macro with eval-based definition: error - the definition is expected to be an eval expression that returns a string.

Hoping to use a macro to simplify search terms as follows: index=my_index sourcetype=my_sourcetype splunk_servers=...

by Engager in

compare between 3 Lookup Tables

Hi Splunker; I have 3 lookup tables, I need search for appear the match results between 3 lookup tables, All lo...

by Explorer in

What do the summary index fields stand for?

Summary indexing produces a lot of psrsvd_* fields. What do they stand for? I presume they're acronyms or abbreviatio...

by Explorer in

Writing our first custom App for Avecto chassis_type CIM model

Hi, Looking for some advice We have an Asset field trying to get into CIM compliance ChassisType = Laptop, Note...

by Path Finder in

How do you tag a field based on a condition?

Good day everyone, I was wondering if there is a way to tag certain fields based on the value of that specific fie...

by Path Finder in

What is the purpose of the sourcetype "stash_new"?

What is the purpose of the sourcetype "stash_new" as opposed to the "stash sourcetype?

by Splunk Employee in

Recommended topology for high availability across sites.

I'm in the process of uplifting our existing logging systems and need some help to understand how true HA can be achi...

by New Member in

What capabilities are needed for kvstore backups?

What capabilities does a role need to initialize kvstore backups using the "splunk backup kvstore" command or the RES...

by SplunkTrust in

Run searches on app first install but not on upgrade

I would like to create an app which when installed will do the following Run a number searches against an already ...

by Contributor in

How to migrate users to a search head cluster?

I followed the instructions on https://docs.splunk.com/Documentation/Splunk/7.2.3/DistSearch/Migratefromstandalonesea...

by Communicator in

internal documentation links

I have updated the docsCheckerBaseURL property in web.conf (in system/local) however clicking on any of the links und...

by Path Finder in

Knowledge Management

Discussions

Cleaning up orphaned searches and reports

Eventtype 'windows_account_created' does not exist or is disabled.

7.2.xへのアップグレード時にKVStoreのエラーが表示されます

URL truncated

Can you add data models to the Splunk Common Information Model (CIM) app?

Can you set permissions in bulk for all macros in an app or TA?

[smartStore] Configuring remote storage on indexes results repeat many times?

Are there summary index naming convention standards?

add devices into multiple groups

macro with eval-based definition: error - the definition is expected to be an eval expression that returns a string.

compare between 3 Lookup Tables

What do the summary index fields stand for?

Writing our first custom App for Avecto chassis_type CIM model

How do you tag a field based on a condition?

What is the purpose of the sourcetype "stash_new"?

Recommended topology for high availability across sites.

What capabilities are needed for kvstore backups?

Run searches on app first install but not on upgrade

How to migrate users to a search head cluster?

internal documentation links

Provided solution : Tip to reduce large CSV lookup...

Why did field extraction disappear after adding ca...

Salesforce lookup issue: Why can I not expand look...

Could someone tell us about the introduction of Sm...

KVstore field Aliase