Knowledge Management

Discussions

Thread Info

Are there summary index naming convention standards?

So I need to set up a summary index for our reporting team to do our monthly reports. Are there any naming convention...

by Path Finder in

add devices into multiple groups

We have 10 different sites and I would like to create a group for each site. For example, I want to add SITE-A dev...

by Explorer in

macro with eval-based definition: error - the definition is expected to be an eval expression that returns a string.

Hoping to use a macro to simplify search terms as follows: index=my_index sourcetype=my_sourcetype splunk_servers=...

by Engager in

compare between 3 Lookup Tables

Hi Splunker; I have 3 lookup tables, I need search for appear the match results between 3 lookup tables, All lo...

by Explorer in

What do the summary index fields stand for?

Summary indexing produces a lot of psrsvd_* fields. What do they stand for? I presume they're acronyms or abbreviatio...

by Explorer in

Writing our first custom App for Avecto chassis_type CIM model

Hi, Looking for some advice We have an Asset field trying to get into CIM compliance ChassisType = Laptop, Note...

by Path Finder in

How do you tag a field based on a condition?

Good day everyone, I was wondering if there is a way to tag certain fields based on the value of that specific fie...

by Path Finder in

What is the purpose of the sourcetype "stash_new"?

What is the purpose of the sourcetype "stash_new" as opposed to the "stash sourcetype?

by Splunk Employee in

Recommended topology for high availability across sites.

I'm in the process of uplifting our existing logging systems and need some help to understand how true HA can be achi...

by New Member in

What capabilities are needed for kvstore backups?

What capabilities does a role need to initialize kvstore backups using the "splunk backup kvstore" command or the RES...

by SplunkTrust in

Run searches on app first install but not on upgrade

I would like to create an app which when installed will do the following Run a number searches against an already ...

by Contributor in

How to migrate users to a search head cluster?

I followed the instructions on https://docs.splunk.com/Documentation/Splunk/7.2.3/DistSearch/Migratefromstandalonesea...

by Communicator in

internal documentation links

I have updated the docsCheckerBaseURL property in web.conf (in system/local) however clicking on any of the links und...

by Path Finder in

I'm new to Splunk — can you give me resources to learn?

Hello Everyone, I am new to the Splunk world and I need help figuring out how to go about learning it. I am wor...

by New Member in

What are some good Splunk tips & tricks you know?

I write a monthly tips & tricks blog for Splunk users/consumers at my company but have steadily been running out of i...

by Explorer in

Documentation and usage?

Hi Is there any documentation for this add-on ? If its developed by Splunk is it supported by them also ? Shoul...

by Builder in

Alternatives to mvexpand mvzip to create a summary index

Greetings, I have a JSON with the format: bigfield: [ [-] { [-] field1: xxxx ...

by Explorer in

KV Store - All queries takes 10 seconds to finish

Hi, We have a clustered environment with 3 SHC and 2 indexers. We have been using KV Store with great success as a...

by Explorer in

How to string compare field values in an eval macro?

I'm working on a search to gather events from similar time periods over several weeks (ie: Mondays between 14:00 and ...

by Explorer in

Move specific data from one index to another index

Hello, I want to move specific data from one index to another index. I don't want to make a full copy of previous ...

by New Member in

splunk universal forwarded account

the is an account input with input password 2 times. what account should I input? Arbitrary information is fine for l...

by Path Finder in

document for splunk experience

Hi I am new in Splunk. I am looking for documents that some body wrote about his experience or benchmark of splunk. H...

by New Member in

[SmartDtore] How to Analyse the CacheSize?

How to verify the High cache churn rate? We have configured Smartstore for our indexer Cluster deployment and obse...

by Splunk Employee in

[SmartStore] SmartStore and POST to the cachemanager endpoint for Open/Close of Bucket?

in an SmartStore environment, when a search is executed on the indexers, is there always a post to the cachemanager e...

by Splunk Employee in

[SmartStore] What is .splunkIgnore?

I was working with some s2 data for bootstrapping and I found a .splunkIgnore file under the rawdata directory. Just ...

by Splunk Employee in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

Are there summary index naming convention standards?

add devices into multiple groups

macro with eval-based definition: error - the definition is expected to be an eval expression that returns a string.

compare between 3 Lookup Tables

What do the summary index fields stand for?

Writing our first custom App for Avecto chassis_type CIM model

How do you tag a field based on a condition?

What is the purpose of the sourcetype "stash_new"?

Recommended topology for high availability across sites.

What capabilities are needed for kvstore backups?

Run searches on app first install but not on upgrade

How to migrate users to a search head cluster?

internal documentation links

I'm new to Splunk — can you give me resources to learn?

What are some good Splunk tips & tricks you know?

Documentation and usage?

Alternatives to mvexpand mvzip to create a summary index

KV Store - All queries takes 10 seconds to finish

How to string compare field values in an eval macro?

Move specific data from one index to another index

splunk universal forwarded account

document for splunk experience

[SmartDtore] How to Analyse the CacheSize?

[SmartStore] SmartStore and POST to the cachemanager endpoint for Open/Close of Bucket?

[SmartStore] What is .splunkIgnore?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

New Splunk TcpOutput persistent queue

Forwarders blocking / Splunk Cloud Dead Letter Qu...

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...