Knowledge Management

Community Activity

Restore multiple frozenDB I need to restore pre4.2 and 4.2 frozendb (around 3 years data) about 10T datas Any scripting or advise to run in ba... by kenntun Engager in Knowledge Management 05-02-2019 0 1	0	1
Field extraction: Trim each event and create a field to extract only particular words Hi Experts, I have few logs as below, i want to capture all unregistered uri (from unregistered uri text to end of ... by Allampally Path Finder in Knowledge Management 05-02-2019 0 1	0	1
Use Historical Data to Establish Trends and Normalize Data Perhaps I am using the term normalize wrong, but the following is essentially the gist of what I'm trying to do: I'v... by cpund New Member in Knowledge Management 05-02-2019 0 2	0	2
Time taken by multiple events in a distributed transaction Hi , we have a audit log with the information of different event types and their execution time for different custome... by sathishthangara New Member in Knowledge Management 05-01-2019 0 5	0	5
HOW TO: Purge (CLEAN) Selective Data from an Index According to the documentation i'm reading, permanently purging selective data (matching search filter/s) doesn't app... by salighie New Member in Knowledge Management 05-01-2019 0 4	0	4
Why is the previous data not accessible after changing the Splunk_DB location? Hi there, I used this article "https://docs.splunk.com/Documentation/Splunk/7.2.6/Indexer/Moveanindex" to move my i... by arsalanj Path Finder in Knowledge Management 04-30-2019 0 2	0	2
How to extract a value after a key word using the field extractor? I have been using the field extractor regular expression to extract a value from a field. The problem I am running ... by rtsquared Explorer in Knowledge Management 04-30-2019 0 3	0	3
Splunk cannot find files Hi Splunk, We use Splunk Enterprise 7.2.3. In our environment there are 49 XML files in subfolders which have to be... by fjp2485 Engager in Knowledge Management 04-30-2019 0 7	0	7
[SmartStore] How to check Summary Bucket ( Report acceleration or Data Model ) on Remote Store and also download a file from it? I am seeing errors like below 04-19-2019 12:21:42.676 -0400 ERROR CacheManager - action=download, cacheId="ra\|aca_os... by rbal_splunk Splunk Employee in Knowledge Management 04-29-2019 0 1	0	1
What's the difference between search&reporting app and quality monitoring app The search statement like the following: host = "*****" \| rex field=data.textPyaload "time_ms=(?[\s]+)" \| timechar... by happybotter New Member in Knowledge Management 04-29-2019 0 5	0	5
Is there any way to see export job status I have run an export job yesterday. Is there any way to see it's status from the Splunk logs? Is there any way I can... by sesharao92 Explorer in Knowledge Management 04-29-2019 0 1	0	1
Should search performance improve using saved search or summary index? Hi All, I am running a search which shows the total_used_space (storage used) of an application for last 30 days. Be... by pgadhari Builder in Knowledge Management 04-28-2019 0 23	0	23
Is there a way to flip the values of fields? Ex: sourceIP to destinationIP by simply using a command Here is what I'm trying to do. Say I have 10 servers being targeted by several public IP addresses, is there anyway t... by jrodriguez233 Engager in Knowledge Management 04-27-2019 1 2	1	2
How to bulk tag a field value pair. So i want to bulk tag multiple field values with the same Tag/alias using the Splunk Web search and not Linux configu... by jlpayne09 New Member in Knowledge Management 04-26-2019 0 1	0	1
Capability required to index "summary" to perform summary indexing Dears, What capability is required for a person with publisher role to use index "summary" to store summary indexing... by sakthiganesht Explorer in Knowledge Management 04-26-2019 0 4	0	4
Data restore from frozen bucket Hi is anyone help me how can i restore data from a frozen bucket to make it searchable in an indexer clustering envir... by Prakash493 Communicator in Knowledge Management 04-25-2019 0 5	0	5
Delete Specific Key from KVSTORE I am using the Mimecast v3.1.1 App/Addon and Ia m am trying to delete a specific key the application inserts into the... by scoughlin1 Path Finder in Knowledge Management 04-25-2019 0 1	0	1
Why is KV Store status listed as failed after upgrade to version 7.2.5.1? KV Store is not starting up after upgrading Splunk to version 7.2.5.1. ./splunk show kvstore-status shows status as... by keio_splunk Splunk Employee in Knowledge Management 04-25-2019 0 1	0	1
How to prevent duplicates in KV Store? Greetings, I regularly update a KV Store with new IP addresses/websites to monitor for in my network traffic. Somet... by dteo827 Explorer in Knowledge Management 04-24-2019 0 4	0	4
Field extraction failing Hello, I have input data that has a field named "tag" and Splunk is not extracting this field correctly. Any sugges... by grantccarlson New Member in Knowledge Management 04-24-2019 0 9	0	9
Delete Specific Key from KVSTORE I am using the Mimecast v3.1.1 App/Addon and Ia m am trying to delete a specific key the application inserts into the... by scoughlin1 Path Finder in Knowledge Management 04-23-2019 0 0	0	0
How to change ownership of a KO from a person to a group ? When I create a dashboard , even after sharing it within the app, It's me (the owner) of the dashboard who has the ab... by zacksoft Contributor in Knowledge Management 04-21-2019 0 5	0	5
My hourly sitimechart search has a "status=success" and a "return_count=120", but "success=1" with nothing in the summary index I don't understand why nothing is in the summary index. How can something return rows via sitimechart, but not put t... by lycollicott Motivator in Knowledge Management 04-21-2019 0 0	0	0
Suricata/Bro Data Models So I am getting data ingested from Bro/Zeek and Suricata via the TA's for said applications. I want to build data mo... by ddecker03 Loves-to-Learn Everything in Knowledge Management 04-18-2019 0 0	0	0
How to merge a lookuptable with a index I'm trying to make a join using a lookuptable and a query from a index With lookup table And the SPL are don't ... by leonardomassard Explorer in Knowledge Management 04-18-2019 1 2	1	2