Knowledge Management

Ask a Question

Discussions

Thread Info

Search process did not exit cleanly, exit_code=255, description="exited with code 255

Dear everyone, Have a good day ahead. I am having the following issue that need your advice. Recently, I have depl...

by New Member in

Can you help me with a problem using conditionals in eval macros?

Hi All, I'm struggling to get an eval macro working using conditionals (either case or if statement). No matter...

by Explorer in

[SmartStore]To avoid failure, can we get recommendations for migrating a clustered environment with 50 indexers to Smartstore?

We have read documentation and planning as per documentation, we are looking for feedback for common recommendation t...

by Splunk Employee in

why the data is not conformed with CIM model after implementing the splunk Add-on for F5 BIG-IP?

Hi All, Currently facing an issue in parsing the data and also the data is not conformed with CIM model. Environm...

by Motivator in

[Smartstore]Can I get more information on Migrating the data from Splunk Local store to remote storage?

I am trying to migrate date from local storage to remote store and would like to understand best way to monitor the p...

by Splunk Employee in

Why does a search on the "query" field yield different results than on another name like "query_name"?

The following two searches yield very different results: ...|search NOT [...|rename field AS query] ...| rename qu...

by Motivator in

Can you help me extract an event between tags?

Hello I have XML logs and I want to extract all the text between these tags What is the better way to do this plea...

by Motivator in

parallel reduce search processing - How do i know it is working? Do i have to use "Redistribute"?

Hi I have configured the below http://docs.splunk.com/Documentation/Splunk/7.2.1/DistSearch/Parallelreduceoverview...

by Influencer in

assertionconsumerservice URL is missing from samlrequest in SP-initiated SSO flow.

I am currently working with our Okta team to get SSO working with Splunk. However, we cannot get the assertionconsume...

by Engager in

[KVstore] Upgrade 8 Node SHC member from 6.6 to 7.1.4 and kvstore is broken

splunk showAll kvstore members had status starting and and mongod.log shows the messages like below: 2018-11-10T13...

by Splunk Employee in

How do you append data resulting from a previous search by subtracting 1 from the result in a field?

Hello all, I am trying take the results of my search and append the results based on that search from the "OID" fi...

by Path Finder in

populating search unable to select summary index

In the documentation about using summary indexes it says at step 8: Select a summary index. The default summa...

by Communicator in

How do you display a count based from the latest timestamp?

Hello, I'm new with Splunk and need some help. I need to filter my data to only count the status of the latest tim...

by Explorer in

Why does a Summary Index use the "main" index when I specified a different index?

Why does a Summary Index use the "main" index when I specified a completely different index? I have looked in inputs....

by Path Finder in

Are there any instructions for getting eDirectory 8.8 data into Splunk?

Could anyone share some insight on how to get data from eDirectory 8.8 or later into Splunk?

by Explorer in

Issue related to data Model

I have created a data model from splunk UI and also added some eval fields to the data set. After this, i tried cr...

by Explorer in

How to set Splunk to feed ServiceNow CMDB?

Hi All, Any guidelines on how to properly configure Splunk feed to ServiceNow CMDB? What are the drawbacks, pitfal...

by Path Finder in

Are '.' characters in KV lookup field names supported?

I notice that whenever I create a KV-store lookup definition with a field containing a '.' character, it does not wor...

by Path Finder in

Is it possible to create an alert that does summary indexing and sends an email?

We got a working solution using saved searches (summary indexer and alert sending email) that does something like thi...

by Builder in

Summary index for large data and many group bys

I'm hoping to get a single summary index query that I can then use to pull data in different ways. I would prefer to ...

by Communicator in

Can we send summary indexed data to third party receivers?

Can we send summary indexed data to third party receivers? Like I have done the summary indexing on my search head...

by Motivator in

Can you help me with my query involving a saved search and summary indexing?

Hi, I am trying to understand how and where Splunk stores data from saved searches that populates a new summary in...

by Builder in

Need complete set of Buttercup games data ? Does anyone has it ? Will be great if Splunk can provide it. Thank you.

Need complete set of Buttercup games data ? Does anyone has it ? Will be great if Splunk can provide it. Thank you. I...

by Path Finder in

Fetch global team model failed. Details: [HTTP 503] [{'type': 'ERROR', 'text': 'KV Store initialization failed

Hey Splunkers, when i run my ITSI app im getting below erro. Fetch global team model failed. Details: [HTTP 503...

by Explorer in

savedsearch best practice

hello i need to monitor events on a huge number of workstations i want to know the exact way to use saved search ...

by Motivator in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

Search process did not exit cleanly, exit_code=255, description="exited with code 255

Can you help me with a problem using conditionals in eval macros?

[SmartStore]To avoid failure, can we get recommendations for migrating a clustered environment with 50 indexers to Smartstore?

why the data is not conformed with CIM model after implementing the splunk Add-on for F5 BIG-IP?

[Smartstore]Can I get more information on Migrating the data from Splunk Local store to remote storage?

Why does a search on the "query" field yield different results than on another name like "query_name"?

Can you help me extract an event between tags?

parallel reduce search processing - How do i know it is working? Do i have to use "Redistribute"?

assertionconsumerservice URL is missing from samlrequest in SP-initiated SSO flow.

[KVstore] Upgrade 8 Node SHC member from 6.6 to 7.1.4 and kvstore is broken

How do you append data resulting from a previous search by subtracting 1 from the result in a field?

populating search unable to select summary index

How do you display a count based from the latest timestamp?

Why does a Summary Index use the "main" index when I specified a different index?

Are there any instructions for getting eDirectory 8.8 data into Splunk?

Issue related to data Model

How to set Splunk to feed ServiceNow CMDB?

Are '.' characters in KV lookup field names supported?

Is it possible to create an alert that does summary indexing and sends an email?

Summary index for large data and many group bys

Can we send summary indexed data to third party receivers?

Can you help me with my query involving a saved search and summary indexing?

Need complete set of Buttercup games data ? Does anyone has it ? Will be great if Splunk can provide it. Thank you.

Fetch global team model failed. Details: [HTTP 503] [{'type': 'ERROR', 'text': 'KV Store initialization failed

savedsearch best practice

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions