Knowledge Management

Community Activity

kv store failing again and again After Splunk Upgrade, out of memory errors (6.6.3 --> 7.1.6) Here is the mongod.log 2019-02-15T08:12:44.837Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be ... by vishaltaneja070 Motivator in Knowledge Management 02-15-2019 0 1	0	1
How is possible to configure the universal forwarder with configuration files, if Splunk ant the forwarder are in a docker container? I started a splunk environment in docker, and the universal forwarder too. Now i cant find in the forwarder the neces... by sabche New Member in Knowledge Management 02-14-2019 0 0	0	0
How to extract field using rex command Hi, I have this sample log and I want to extract the request ID value after the period. Each of those numbers are ... by philgopaul New Member in Knowledge Management 02-13-2019 0 3	0	3
Portion of customers meeting threshold Hi Splunk Experts, I am very new to Splunk and need some help to resolve my problem. I have a dataset that compris... by fikristar Explorer in Knowledge Management 02-13-2019 0 1	0	1
clustered environment - SummarySizeManager - Cannot compute size on disk - no such file or directory Hello. We have a clustered environment, several searcheads, several indexers, Splunk 6.4.0 I am running the followin... by smeriaadrian Engager in Knowledge Management 02-12-2019 0 0	0	0
Imbalanced KV-Store memory usage in SHC Hi all, I am witnessing a strange imbalance in the KV-Store memory (disk) usage across my SHC members. While one ho... by DMohn Motivator in Knowledge Management 02-12-2019 0 0	0	0
Cleaning up orphaned searches and reports We migrated search heads and there was content in user directories from users that have since quit, and therefore no ... by brent_weaver Builder in Knowledge Management 02-10-2019 0 1	0	1
Eventtype 'windows_account_created' does not exist or is disabled. I've given read permissions for macro, app, eventtype, everything I can think of, to the role and/or everyone. This... by sbgoldberg13 Explorer in Knowledge Management 02-08-2019 0 1	0	1
7.2.xへのアップグレード時にKVStoreのエラーが表示されます Splunkを 7.2.1 から 7.2.3 にアップグレードする際、マイグレーションスクリプト実行中に下記のエラーが表示され、アップグレードに失敗してしまいます。 ERROR while running mongod-fix-... by nfutatsugi_splu Splunk Employee in Knowledge Management 02-08-2019 0 1	0	1
URL truncated It looks like the field extraction for sourcetypes reques field is cutting some URLs short. URL return is truncated... by valeriedls01 Loves-to-Learn Everything in Knowledge Management 02-07-2019 0 1	0	1
Can you add data models to the Splunk Common Information Model (CIM) app? I haven't been able to find an answer to this in the documentation. Can you add data models to the Splunk Common Info... by matstap Communicator in Knowledge Management 02-07-2019 0 1	0	1
Can you set permissions in bulk for all macros in an app or TA? Can you set permissions in bulk for all macros in an app or TA? I want to set all macros in the Windows AD app to re... by sbgoldberg13 Explorer in Knowledge Management 02-07-2019 0 5	0	5
[smartStore] Configuring remote storage on indexes results repeat many times? After configuring remote storage on indexes, We are observing duplicate results. Sometime result repeat many times by rbal_splunk Splunk Employee in Knowledge Management 02-06-2019 0 1	0	1
Are there summary index naming convention standards? So I need to set up a summary index for our reporting team to do our monthly reports. Are there any naming convention... by cesaccenturefed Path Finder in Knowledge Management 02-06-2019 1 4	1	4
add devices into multiple groups We have 10 different sites and I would like to create a group for each site. For example, I want to add SITE-A devic... by sherrysafdar Explorer in Knowledge Management 02-06-2019 0 8	0	8
macro with eval-based definition: error - the definition is expected to be an eval expression that returns a string. Hoping to use a macro to simplify search terms as follows: index=my_index sourcetype=my_sourcetype splunk_servers=`s... by daveloaiza Engager in Knowledge Management 02-06-2019 0 2	0	2
compare between 3 Lookup Tables Hi Splunker; I have 3 lookup tables, I need search for appear the match results between 3 lookup tables, All lookup... by abdullahalhabba Explorer in Knowledge Management 02-05-2019 0 1	0	1
What do the summary index fields stand for? Summary indexing produces a lot of psrsvd_* fields. What do they stand for? I presume they're acronyms or abbreviat... by chiangs Explorer in Knowledge Management 02-05-2019 3 3	3	3
Writing our first custom App for Avecto chassis_type CIM model Hi, Looking for some advice We have an Asset field trying to get into CIM compliance ChassisType = Laptop, Notebo... by jonxilinx Path Finder in Knowledge Management 02-04-2019 0 2	0	2
How do you tag a field based on a condition? Good day everyone, I was wondering if there is a way to tag certain fields based on the value of that specific field... by mpasha Path Finder in Knowledge Management 02-02-2019 1 3	1	3
What is the purpose of the sourcetype "stash_new"? What is the purpose of the sourcetype "stash_new" as opposed to the "stash sourcetype? by lcavaliere_splu Splunk Employee in Knowledge Management 02-02-2019 0 3	0	3
Recommended topology for high availability across sites. I'm in the process of uplifting our existing logging systems and need some help to understand how true HA can be achi... by danieljackson New Member in Knowledge Management 01-31-2019 0 1	0	1
What capabilities are needed for kvstore backups? What capabilities does a role need to initialize kvstore backups using the "splunk backup kvstore" command or the RES... by my2ndhead SplunkTrust in Knowledge Management 01-30-2019 0 1	0	1
Run searches on app first install but not on upgrade I would like to create an app which when installed will do the following Run a number searches against an already ex... by DanielFordWA Contributor in Knowledge Management 01-30-2019 0 0	0	0
How to migrate users to a search head cluster? I followed the instructions on https://docs.splunk.com/Documentation/Splunk/7.2.3/DistSearch/Migratefromstandalonesea... by patng_nw Communicator in Knowledge Management 01-29-2019 0 6	0	6