Knowledge Management

Community Activity

Historical Data forward to third party using syslog My question is in regard to Splunk doc https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothi... by ppuru Path Finder in Knowledge Management 01-15-2019 0 1	0	1
How do I pass a variable to a macro in a saved search? I want to pass a variable to a savedsearch using this method: \| savedsearch mySavedSearch1 inputParam1="value1" Wi... by jks_at_senscons New Member in Knowledge Management 01-15-2019 0 2	0	2
Can you help me with an issue using macros and inputlookup with a metasearch? I can run \|metasearch ((index=IN1 sourcetype=S1) OR (index=IN2 sourcetype=S2)) and it works — no issues. I can crea... by lakshman239 Influencer in Knowledge Management 01-14-2019 0 4	0	4
when is it safe to delete oneshot input file? Hello. I have a script that invokes the command line splunk tool on an single index/search head to oneshot index log... by bcavagnolo Explorer in Knowledge Management 01-07-2019 1 8	1	8
How do i display the total number of unique records per row? See the attached image. I want to print the total on the statistics tab. by ronniemakhombi Explorer in Knowledge Management 01-07-2019 0 9	0	9
How do you make an expand and collapse menu using simple XML? Hi , I have to create a heading as a row value .When i click in the "+" sign , it should display a set of rows .Basi... by Nadhiyaa Path Finder in Knowledge Management 01-06-2019 0 1	0	1
What is datamodels.conf and in which component of Splunk should it be defined? Also, what actually does Splunk do when we give the below line in datamodels.conf file? acceleration.max_concurrent ... by pavanae Builder in Knowledge Management 01-04-2019 0 3	0	3
Use the output of one search as input to another search Hi, I have a request where in 1.I will have to perform a search to get value A,B and C (where B is the values of th... by Deepz2612 Explorer in Knowledge Management 01-04-2019 0 2	0	2
How do I represent a time difference by changing the time format? hello all together, I'm new to Splunk and I have this problem: i want to represent a time difference and I already ... by j_r Path Finder in Knowledge Management 01-03-2019 0 7	0	7
How do you determine how many days of data an index has? Hi everyone, What is the best way to determine how many days of data each index is retaining if you only set the ret... by R_B Path Finder in Knowledge Management 01-02-2019 0 2	0	2
How come when I run inputlookup myLookupTest, it's returning 0 results? I created a test KVStore in order to familiarize myself with the API. It has about 20 records in it, all of which are... by bbritten Explorer in Knowledge Management 01-02-2019 0 8	0	8
Summary Indexing give duplicated records Hello, I had set up a few schedule reports that will collect some data from index A every 15 minutes into index B (w... by lamca New Member in Knowledge Management 12-27-2018 0 4	0	4
when I click on Error tab in splunk enterprise getting error like "Error in 'lookup' command: Lookups: The lookup table 'symbolicatedStacktraceLookup' does not exist or is not available" Could you please help me on this ? when I click on Error tab in splunk enterprise getting error like "Error in 'lookup' command: Lookups: The lookup tab... by jasnaidu Engager in Knowledge Management 12-27-2018 0 1	0	1
How to Map one to one value of fields Hi Friends, I want to map value one to one from fields Example: 1) If Test field has 100 value & Data fields has Se... by rakesh44 Communicator in Knowledge Management 12-26-2018 0 1	0	1
Long running fill_summary_index and splunk.AuthenticationFailed: [HTTP 401] Client is not authenticated I tried to do a long-running summary index backfill, filling many days of data, e.g. $SPLUNK_HOME/bin/splunk cmd pyt... by patng_nw Communicator in Knowledge Management 12-25-2018 0 2	0	2
knowledge object export in default.meta I've only found examples for export=system which is a global export. Can some someone direct me to a docs that shows ... by nickstone Path Finder in Knowledge Management 12-22-2018 1 5	1	5
How to create a new index(not peer index node) from distributed environment? The environment is working well, since we have already had some indexes created there, and running as expected. I jus... by Leo_Yong Explorer in Knowledge Management 12-20-2018 0 2	0	2
Duplicate events in Splunk but not in logs Hi all My Splunk instance is monitoring one file for new data and adds it to its database. From these events, I buil... by bwouters Path Finder in Knowledge Management 12-20-2018 0 8	0	8
why are my indexes disabled? There is no error about it in splunkd.log link text From this link,i checked and there is no bucket with the same i... by zhangquanacc Engager in Knowledge Management 12-18-2018 1 4	1	4
[SmartStore]Increase RF=2,SF=1 to RF=SF=2 and cluster took long time to meet RF, SF and Mark All Data Searchable. @We have two node Cluster using smartstore @Initially configured as RF=2 and Sf=1 and CM's user interface shows ( "A... by rbal_splunk Splunk Employee in Knowledge Management 12-13-2018 0 1	0	1
Tags defined in tags.conf not showing up in GUI So let's say I have this tag in /opt/splunk/etc/apps/search/local/tags.conf: [host=x.y.uci.edu] nac_wsg = disabled n... by wrangler2x Motivator in Knowledge Management 12-11-2018 0 9	0	9
Can you help me with Line Breaker and Event Time? Hello, I have a database crashdump file, which has the following structure (from the beginning): ==================... by damucka Builder in Knowledge Management 12-10-2018 0 10	0	10
Any ideas what is causing my delay in a search using the collect and mcollect command? Hello, I have a simple collect query that looks the like the following: \| makeresults \| eval test=1 \| collect inde... by denys_k Explorer in Knowledge Management 12-08-2018 0 2	0	2
Any reason why I keep getting this message below and how to resolve it? Search peer XXXX(My Indexer) has the following message: Failed to register with cluster master reason: failed method=... by afolabia Path Finder in Knowledge Management 12-07-2018 0 3	0	3
kv extracts fields nested in field values even though pairdelim is not present While ingesting a data source that comes in over syslog with a basic structure of syslog header key="value",key="valu... by FrankVl Ultra Champion in Knowledge Management 12-04-2018 0 1	0	1