Knowledge Management

Community Activity

Exclusion in lookup via wildcard I have a splunk query which returns these 2 set of events.1) domain_name="abc"microservice_name="test"message=[WEB] E... by viku7474 Explorer in Knowledge Management 05-27-2024 0 3	0	3
Creating a script to gather machine performance Hello, Ive been trying to set up a script to run every 5 minutes with cronjob in a CentOS enviorementHeres the script... by AleZ214 Loves-to-Learn in Knowledge Management 05-23-2024 0 1	0	1
Service user for scheduled searches: one or more? Hi Splunkers, I have a doubt about users that run scheduled searches.Until now, I now very well that, if a user own a... by SplunkExplorer Contributor in Knowledge Management 05-22-2024 0 1	0	1
Important fix for 9.1.4/9.2.1 https://docs.splunk.com/Documentation/Splunk/9.2.1/ReleaseNotes/Fixedissueshttps://docs.splunk.com/Documentation/Splu... by hrawat Splunk Employee in Knowledge Management 05-22-2024 4 0	4	0
Splunk Input Persistent Queue https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/Data/UsepersistentqueuesPersistent queuing is available fo... by hrawat Splunk Employee in Knowledge Management 05-21-2024 4 0	4	0
Extracted field not displaying in Interesting Fields sidebar Hi, I appreciate that there are numerous questions on here for similar problems but, after reading quite a few of the... by BB_MW Explorer in Knowledge Management 05-21-2024 0 7	0	7
Correlation searches in the "Use Case Library" Has anyone attempted to enable all the correlation searches in the "Use Case Library" for enterprise security?There a... by Abdulkareem Engager in Knowledge Management 05-21-2024 0 1	0	1
If I config 2 Indexer in Index Cluster save frozen log into 1 disk, Log would be replicated? I have 2 Index in Index ClusterHot, Cold, Frozen Hot and Cold are different disksFrozen will use same disk for both I... by jacknguyen Path Finder in Knowledge Management 05-20-2024 0 8	0	8
Help needed with lookup error Anyone have an idea on the below issue?\| inputlookup testthe lookup table file and definition both are available, bot... by Roy_9 Motivator in Knowledge Management 05-19-2024 0 10	0	10
Bulk enabling alerts Hi, Is there a way of bulk enabling alerts in Splunk enterprise? Thanks, Joe by joe06031990 Communicator in Knowledge Management 05-17-2024 0 3	0	3
Configuration Tracker - Linux Symbolic Link App Folder Hello together,with the introduction of the new ConfigurationTracker in Splunk 9.0 we noticed that some of our apps a... by Solev Explorer in Knowledge Management 05-16-2024 0 1	0	1
Splunk Customized dashboard creation Need a report based on previous day I have source ip segment xx.xx.xx.xx/28, & destination ip segment xx.xx.xx/24 out... by sankardevarajan Explorer in Knowledge Management 05-14-2024 0 3	0	3
Forwarding data to dynamic IPs I am trying to forward data from UF to few indexers but the indexes have dynamic IPs which keep changing. Now, how do... by av_ Path Finder in Knowledge Management 05-09-2024 0 2	0	2
Create KVStore lookup definition in Splunk UI without using transform.conf Hello,I am not an admin that has permission to create or view transform.conf file. I also don't have a lab, so I can'... by LearningGuy Motivator in Knowledge Management 05-07-2024 0 10	0	10
Integration of SharePoint to Splunk Is it possible to pull all information in CSV file inside of the root folder when doing the integration of sharepoint... by tjlavarias24 New Member in Knowledge Management 04-28-2024 0 1	0	1
knowledge bundle replication error Hello. We are deploying a new search head in our splunk environment. We are using windows 2019 servers as platform. T... by yosoypako Path Finder in Knowledge Management 04-24-2024 0 7	0	7
Combine the result of two tables into one and add a column displaying the name of the table for each row I have two queries which is giving me two tables, naming Distributed & Mainframe as below -Distributed- index=idx-es... by man03359 Communicator in Knowledge Management 04-23-2024 0 2	0	2
Splunk Enterprise security Custom Threat intel feed Hi, We have Configured custom threat intel feeds with splunk. The connection is succesful the status of the file show... by umesh Path Finder in Knowledge Management 04-15-2024 0 3	0	3
sitimechart Hello,While using sitimechart instead of timechart - The data has been changed.I would like to calculate an error per... by SaharElmakias Engager in Knowledge Management 04-14-2024 0 1	0	1
Need help to get total count index=app-index source=application.logs \| rex field= _raw "RampData :\s(?<RampdataSet>\w+)" \| rex field= _raw "(?<Mes... by vishwa Path Finder in Knowledge Management 04-13-2024 0 3	0	3
extracting mv fields Hello everyone!I need some help creating a multivalue field.Events can contain 1 or more fields with the following fo... by Be_JAR Path Finder in Knowledge Management 04-12-2024 0 5	0	5
Custom Regex Below is the regex used, here we want to extract following fields:DIMTIDAPPLICATIONPOSITIONCORRLATIONIDThe rex which ... by vishwa Path Finder in Knowledge Management 04-12-2024 0 5	0	5
For HEC (httpInputQ) set maxSize in server.conf There is a practice of setting queueSize in inputs.conf [http://<token>] stanza. queueSize over writes server.conf st... by hrawat Splunk Employee in Knowledge Management 04-11-2024 1 3	1	3
During indexer restart/ indexer cluster rolling restart TcpInputProcessor fails to drain queue. During graceful indexer/HF restart/stop (basically where ever splunktcp is configured) if you see last entries in met... by hrawat Splunk Employee in Knowledge Management 04-10-2024 2 2	2	2
Integrating Splunk with SAP Analytics Cloud: What are the Key Considerations and Best Practices? Hello,I'm currently exploring the integration of Splunk with SAP Analytics Cloud for our data analysis and visualizat... by stevediaz Explorer in Knowledge Management 04-10-2024 0 1	0	1