Knowledge Management

Community Activity

What capabilities are needed for kvstore backups? What capabilities does a role need to initialize kvstore backups using the "splunk backup kvstore" command or the RES... by my2ndhead SplunkTrust in Knowledge Management 01-30-2019 0 1	0	1
Run searches on app first install but not on upgrade I would like to create an app which when installed will do the following Run a number searches against an already ex... by DanielFordWA Contributor in Knowledge Management 01-30-2019 0 0	0	0
How to migrate users to a search head cluster? I followed the instructions on https://docs.splunk.com/Documentation/Splunk/7.2.3/DistSearch/Migratefromstandalonesea... by patng_nw Communicator in Knowledge Management 01-29-2019 0 6	0	6
internal documentation links I have updated the docsCheckerBaseURL property in web.conf (in system/local) however clicking on any of the links und... by coreyf311 Path Finder in Knowledge Management 01-29-2019 0 3	0	3
I'm new to Splunk — can you give me resources to learn? Hello Everyone, I am new to the Splunk world and I need help figuring out how to go about learning it. I am working... by vijaykummar New Member in Knowledge Management 01-25-2019 0 7	0	7
What are some good Splunk tips & tricks you know? I write a monthly tips & tricks blog for Splunk users/consumers at my company but have steadily been running out of i... by SplunkIsLife Explorer in Knowledge Management 01-24-2019 0 2	0	2
Documentation and usage? Hi Is there any documentation for this add-on ? If its developed by Splunk is it supported by them also ? Should th... by Esky73 Builder in Knowledge Management 01-24-2019 0 4	0	4
Alternatives to mvexpand mvzip to create a summary index Greetings, I have a JSON with the format: bigfield: [ [-] { [-] field1: xxxx ... by msyparker Explorer in Knowledge Management 01-24-2019 0 2	0	2
KV Store - All queries takes 10 seconds to finish Hi, We have a clustered environment with 3 SHC and 2 indexers. We have been using KV Store with great success as an... by okheggdal Explorer in Knowledge Management 01-24-2019 0 0	0	0
How to string compare field values in an eval macro? I'm working on a search to gather events from similar time periods over several weeks (ie: Mondays between 14:00 and ... by d389133 Explorer in Knowledge Management 01-22-2019 1 3	1	3
Move specific data from one index to another index Hello, I want to move specific data from one index to another index. I don't want to make a full copy of previous in... by Navern New Member in Knowledge Management 01-22-2019 0 6	0	6
splunk universal forwarded account the is an account input with input password 2 times. what account should I input? Arbitrary information is fine for l... by johnsmithcy Path Finder in Knowledge Management 01-22-2019 0 1	0	1
document for splunk experience Hi I am new in Splunk. I am looking for documents that some body wrote about his experience or benchmark of splunk. H... by mojgh94 New Member in Knowledge Management 01-21-2019 0 2	0	2
[SmartDtore] How to Analyse the CacheSize? How to verify the High cache churn rate? We have configured Smartstore for our indexer Cluster deployment and observ... by rbal_splunk Splunk Employee in Knowledge Management 01-21-2019 1 2	1	2
[SmartStore] SmartStore and POST to the cachemanager endpoint for Open/Close of Bucket? in an SmartStore environment, when a search is executed on the indexers, is there always a post to the cachemanager e... by rbal_splunk Splunk Employee in Knowledge Management 01-21-2019 0 1	0	1
[SmartStore] What is .splunkIgnore? I was working with some s2 data for bootstrapping and I found a .splunkIgnore file under the rawdata directory. Just ... by rbal_splunk Splunk Employee in Knowledge Management 01-21-2019 0 1	0	1
Why does setting a TZ for sourcetype "stash" not take effect? Issue: If you try to apply a TZ in props to sourcetype "stash" (i.e. the sourcetype of summary-indexed data), this s... by lcavaliere_splu Splunk Employee in Knowledge Management 01-20-2019 0 1	0	1
[SmartStore]Splunk configured with s3 compatibility smartstore reporting bad connection HTTP sttaus code 400 Our indexers are configured to use s3 compatibility remotepath, ans were seeing lots of 400 status code returned when... by rbal_splunk Splunk Employee in Knowledge Management 01-18-2019 0 2	0	2
Splunk Auding for changes in macro Can someone please help me here :I have a search giving me the details of users who modified macros index=_interna... by anilyelmar Explorer in Knowledge Management 01-18-2019 0 1	0	1
SSL Error between an UF and a Heavy Forwarder with same version 7.0.5 Hi I have a new UF (source) to send data to a HF (destination). Both are 7.0.5. In the UF I have this error when I... by ESMaletMa Explorer in Knowledge Management 01-18-2019 0 3	0	3
[SmartStore] Keep Splunk up while S3 is unavailable In our Splunk installation, our indexes are using remotepath configured to use an in-house S3. We have had situations... by rbal_splunk Splunk Employee in Knowledge Management 01-17-2019 0 1	0	1
Datamodel Acceleration questions Hi Everyone, I have a few questions which I haven't been able to find answers too. I have more than one search head... by dsofoulis Path Finder in Knowledge Management 01-16-2019 0 2	0	2
Extremely confused with :: vs = On our forwarders we have a [default] _meta value that specify a few key::value pairs, e.g. a key to tell us what sit... by Kindred Path Finder in Knowledge Management 01-16-2019 1 5	1	5
Forward all events/syslog from Splunk 7.2.1 to ESM McAfee SIEM or other 3-party (splunk guide not working) Hi, I've downloaded Splunk 7.2.1 deb package, installed it on the linux machine, add a data source (the server that ... by evil_security Explorer in Knowledge Management 01-16-2019 0 6	0	6
How to find the search string by using search id/ref/base search ? Below is the sample dashboard xml where i can see the tags of search id , ref , base search .. but i need to get hold... by pravinvram Engager in Knowledge Management 01-16-2019 0 2	0	2