Knowledge Management

Community Activity

savedsearch best practice hello i need to monitor events on a huge number of workstations i want to know the exact way to use saved search in... by jip31 Motivator in Knowledge Management 10-27-2018 1 2	1	2
[SmartStore]Splunk Smart Store and archival of frozendb to 3 Glacier Start Splunk Version 7.2, Splunk has provided a Smart Store capability where they provide a way to use remote object ... by rbal_splunk Splunk Employee in Knowledge Management 10-26-2018 2 1	2	1
How do I change the order of apps in the dropdown menubar? We want to change the order of these apps in the dropdown menu. In my mind it seems that this order depends on the se... by klowk Path Finder in Knowledge Management 10-25-2018 0 4	0	4
What happens when Splunk fails to transfer data from cold to frozen ? Does it retries ? If so, is it configurable? Wanted to know if there is any mechanism for splunk to know if write to frozen failed and what corrective action, if ... by adcb9mb Engager in Knowledge Management 10-24-2018 1 0	1	0
How do I create an eval expression for a data model? i have an expression which i am trying to use for a calculated field, and it is within a data model for web requests.... by danesh_shah New Member in Knowledge Management 10-24-2018 0 7	0	7
Macro optimization Hi, I've created a macro to convert IPv6 (IP field) to IPv4 connotation (Ex: 0000000000000000000000FFFF0a0a0a0a > 10... by chlima Explorer in Knowledge Management 10-23-2018 0 4	0	4
How can I expand a macro definition in the search field? Sometimes Splunk will just do this, like when you try to add an additional term from the Events tab, but what if I wa... by neiljpeterson Communicator in Knowledge Management 10-22-2018 3 7	3	7
backfill summary index one day at a time I'm trying to back fill my summary index one day at a time because my current savesearch contains a lot of regular ex... by michaelrosello Path Finder in Knowledge Management 10-22-2018 0 4	0	4
How to get existing KV Store to initialize after replacing one of the three (3) members with a new instance? Splunkers, Having trouble getting the kvstore to indicate that it is ready on any of the three members of the shclus... by mdwecht Path Finder in Knowledge Management 10-20-2018 0 2	0	2
What represents time_taken? I want to understand what the values of request time, response time and time_taken by rmanrique Path Finder in Knowledge Management 10-19-2018 0 3	0	3
wrong _time in summary index I need to populate a summary index with events from the original index that matches certain criteria. The original ev... by thezen Explorer in Knowledge Management 10-17-2018 0 0	0	0
How do you find all the events/logs that were never viewed in Splunk? We have a Splunk Enterprise License. I wanted to know about the log lines that are never viewed through the Splunk UI... by nithyaramasamy New Member in Knowledge Management 10-17-2018 0 1	0	1
Can you point me towards some Splunk beginners guides? Hi All, I am new to Splunk and starting to use this from the scratch for an e-commerce application. Please help me w... by pavansidharth Engager in Knowledge Management 10-16-2018 0 3	0	3
CIM datamodel error message Why I receive this error message in my splunk enviroment? Splunk_SA_CIM version 4.11.0 is lower than required 4.9.1 by asabatini85 Path Finder in Knowledge Management 10-16-2018 1 5	1	5
In a Splunk dashboard, how do you track data ingestion within a certain time? Hello, On a Splunk dashboard, Is there a way to show when data was ingested, stored, and analyzed? I'm trying to bu... by maryamchar Explorer in Knowledge Management 10-16-2018 0 13	0	13
What is the most efficient way to verify that data is coming in from a particular source or index? I would like to set up alerts which would let me know if no events come in for a particular source or index between a... by jflaherty Path Finder in Knowledge Management 10-13-2018 0 2	0	2
Does the performance of the kvstore lookup definition improve when it filters the original collection? When a kvstore lookup definition filters a kvstore of 1 million events down to 300k, does performance improve vs usin... by landen99 Motivator in Knowledge Management 10-13-2018 0 1	0	1
How do I add meaningful labels to error codes? How do I add meaningful labels to error codes? index=akamai_pi_prod message.reqHost=rpama message.status IN ("20... by harishnpandey Explorer in Knowledge Management 10-12-2018 0 5	0	5
Attempting to restore a KVStore collection: has anyone seen or successfully troubleshooted the following error? Hi Everyone, I am currently trying to achieve a quite simple process: set up a scalable way to backup/restore some K... by pabdola Explorer in Knowledge Management 10-12-2018 0 6	0	6
Splunk SDK for Python: What is the best way to update a KV Store and add potential records if there is no key match? Hello! I'm looking into using the Python SDK's KV store module to do some updating of a KV store. I've noticed that ... by goodsellt Contributor in Knowledge Management 10-11-2018 0 4	0	4
Is there a way to tag a Splunk source ? Issue: On the same box, we run different tests. But the results generated by those tests have the same name. Results... by xindeNokia Path Finder in Knowledge Management 10-06-2018 0 7	0	7
How do you profile connections to a system using Stream? Guys, I inherited a load of Windows Domain Controller servers am I'm tasked with upgrading them and decommissioning s... by shocko Contributor in Knowledge Management 10-05-2018 0 0	0	0
How do you calculate ratios of counts to field totals? Here's what I have: base search\| stats count as spamtotal by spam This gives me: (13 events) spam / spamtotal ==... by chris94089 Path Finder in Knowledge Management 10-04-2018 0 5	0	5
Could you help me identify the following "lookup table" error? Hi friends i am getting the below error, please let me know what is the issue? My error is : "Error 'Could not fi... by rajakabdual New Member in Knowledge Management 10-03-2018 0 2	0	2
Why aren't field aliases working for CIM data? I am trying to map incoming events to CIM fields using aliases. I followed the documentation here —https://docs.splun... by ts46235 Engager in Knowledge Management 10-02-2018 0 2	0	2