Knowledge Management

Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
MATTHEW_ORNAWKA

After changing DB locations, the KVstore is not initializing in our environment. What can I do to have MongoDB run with Splunk?

Having an issue with the KVstore not initializing in our environment. The error log from mongod.log is below I have...
by MATTHEW_ORNAWKA Observer in Knowledge Management 09-06-2018
0 5
0
5
JordanPeterson

How do you search for event types that return no results?

I have a list of event types I'm searching for based on a standard naming convention. I want to be able to return a l...
by JordanPeterson Path Finder in Knowledge Management 09-05-2018
0 4
0
4
gregbo

I've heard that once data is indexed, it cannot be modified. Is that documented somewhere?

I know that once an event is indexed, it cannot be modified. But is that specifically stated somewhere in the Docume...
by gregbo Communicator in Knowledge Management 09-05-2018
1 1
1
1
AditiKulkarni

How to delete KV Store data older than 30 days?

In our application, there is a requirement where we have to retain data in KV Store for a month (i.e. 30 days) and de...
by AditiKulkarni New Member in Knowledge Management 09-03-2018
0 4
0
4
mmichelsen

What is the maximum length for a field name?

I have a library for creating application event logs formatted as key-value pairs. It allows the caller to create ar...
by mmichelsen New Member in Knowledge Management 08-29-2018
0 1
0
1
chinmayc469

Summary Index: Why is a search that took less time before taking much longer now?

Hello, I am running a saved search(every 5 min) to populate a summary index using collect command. Now the search ...
by chinmayc469 Explorer in Knowledge Management 08-28-2018
0 0
0
0
michaelrosello

eventtype error

Why do I get this error when using eventtype? This is the eventtype configuration and I also tried running that sear...
by michaelrosello Path Finder in Knowledge Management 08-28-2018
0 7
0
7
Shan

Can you use the same macro with additional arguments for another dashboard?

Hi All, I have a macro with three Arguments. I need to us the same macro in another dashboard, but there, i need to ...
by Shan Builder in Knowledge Management 08-27-2018
0 3
0
3
sangs8788

What does bin _time span does here?

Hi, I am having a bit of difficulty understanding what does bin _time span does here. Below is query shared in splu...
by sangs8788 Communicator in Knowledge Management 08-27-2018
0 1
0
1
daniel_splunk

How can I remove a record from KVstore which is no longer required?

How can I remove a record from KVstore as that is no longer required?
by daniel_splunk Splunk Employee Splunk Employee in Knowledge Management 08-23-2018
2 2
2
2
vbumgarner

INDEXED_EXTRACTIONS on summary events?

It would be really cool to be able to have all of the fields in a summary index automatically converted to indexed fi...
by vbumgarner Contributor in Knowledge Management 08-23-2018
0 2
0
2
DavidGirsvaldas

"Collect" command doesnt work with "All time (Real-Time)"

Hi, I have a use case where I need to check for incomming events with measurements, combine and modify them and save ...
by DavidGirsvaldas Explorer in Knowledge Management 08-22-2018
0 6
0
6
drejoe

Automatic lookup, matching range field?

Hi, I would like to enriche netflow data (i.e. dst ip, dst port) with "service name", using automatic lookup. My loo...
by drejoe Explorer in Knowledge Management 08-21-2018
0 2
0
2
bschaap

Why are lookups loaded for sourcetypes that don't apply?

I noticed in search.log that there are "INFO LookupOperator - Loading lookup table=..." log events that don't apply ...
by bschaap Path Finder in Knowledge Management 08-21-2018
0 1
0
1
neermine

How to create a search template (macro) using Splunk?

Hi I need to create a search template using Splunk so I want to know what are the steps that I have to follow? must...
by neermine Path Finder in Knowledge Management 08-17-2018
0 5
0
5
mdennis0177

I do a search for an index and it finds it. I look in the web interface for indexes and it is not listed. I look in data inputs and it is listed there as an index. Why does the web interface not show it in the indexes?

I do a search for an index and it finds it. I look in the web interface for indexes and it is not listed. I look in d...
by mdennis0177 New Member in Knowledge Management 08-15-2018
0 3
0
3
Dandell

Is there any way to retrieve kv-store that was accidentally deleted?

One of my kv-store was accidentally deleted, knowing that we have not done any backup for this kv-store. Is there any...
by Dandell New Member in Knowledge Management 08-15-2018
0 1
0
1
kennethhartley1

Copy reports from one standalone machine to another the easy way. No fancy code. No virtualization. No Servers. Just a standalone machine and JUST some reports and dashboards.

I have scoured the internet in search of a simple way to copy reports and dashboards from one STANDALONE machine to a...
by kennethhartley1 Engager in Knowledge Management 08-14-2018
0 3
0
3
tkwaller_2

Why is the KVStore not loading on the search head?

On My search head I cant load the KVSTORE mongod.log says 2018-08-14T14:46:34.831Z W CONTROL No SSL certificat...
by tkwaller_2 Communicator in Knowledge Management 08-14-2018
0 1
0
1
bs000e1eu

Field Extraction updated but how to activate in Data Modell?

I have updated the Field Extraktion for some fields but the Data Modell still use the old Definition. How to make the...
by bs000e1eu New Member in Knowledge Management 08-13-2018
0 0
0
0
smstoyanov

Is it possible to monitor docker container (cpu/memory/processes usage) without outcold solutions containers?

I`m tryin to find out some solution which provide view over the containers and processes usage ?
by smstoyanov New Member in Knowledge Management 08-08-2018
0 5
0
5
AlexeySh

Is it possible to use a decision matrix in Splunk?

Hello, We export a data from our vulnerability management tool to Splunk and we’d like to evaluate the initial sever...
by AlexeySh Communicator in Knowledge Management 08-08-2018
0 3
0
3
rajneeshc1981

How to check if the automatic lookup is working?

How to check if the automatic lookup is working? Lookup is working fine how can I test auto lookup is working too?
by rajneeshc1981 Explorer in Knowledge Management 08-07-2018
0 2
0
2
bogdan_nicolesc

How do I add and delete host in Data Summary from Data Summary Splunk?

Hi there. Newbie on splunk here. I have a rookie question to ask ... In Search menu, under Data Summary, how do I a...
by bogdan_nicolesc Communicator in Knowledge Management 08-06-2018
0 8
0
8
mgaraventa_splu

Why does this error "('createIndex', domain: '5', code: '10088'): exception: cannot index parallel arrays" causes KVstore to stop working?

Hi all, I’m experiencing an unclear issue with KVstore (Splunk 6.5.6). I’m leveraging field acceleration within KVsto...
by mgaraventa_splu Splunk Employee Splunk Employee in Knowledge Management 08-03-2018
1 1
1
1
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...