Knowledge Management

Ask a Question

Discussions

Thread Info

Additional indexed fields

Splunk generally index data based on _time. We have a use case where we want to retrieve results from summary inde...

by Path Finder in

TA for IIS that follows the Common Information Model

Is there an addon(TA-iis perhaps) that follows the CIM for IIS logs?

by Motivator in

Is it possible to create a field alias on a lookup output field for mapping to the CIM model?

Hi guys, I am in the midst of trying to map the fields in my data to the splunk authentication CIM. However, I rea...

by Explorer in

Is there any way to limit the number of search results in a data model?

When searching on an index, you can pipe to "head 100" and retrieve 100 results. index=my_index cookie* | head 100...

by Explorer in

Linux servers - Universal Forwarder or Syslog

What is the best practice to capture data from our *nix servers? Install the Splunk forwarder agent and the Splunk fo...

by Engager in

SPUNK saves logs. does it fulfill STIG requirements?

When SPLUNK saves logs in raw data does it fulfill STIG requirement Full requirement of Logging: 1.Logs must be tampe...

by New Member in

Hungry Newbie: Best way to learn Splunk well efficiently (shortest amount of time)?

I am a reasonably clever, tech-savvy young man but by no means a genius. I am a very hard worker and I am planning on...

by Path Finder in

SDK DataSet Mangement

I was wondering if there is a way to upload / manage Splunk Datasets with the SDK ? I quick run through the very nice...

by New Member in

What is the max character limit for a macro?

I have a macro which does not work when invoked in a search, but does work when the contents are cut and paste direct...

by Splunk Employee in

Summary indexing

Search peer indexer has the following message: Received event for unconfigured/disabled/deleted index=voiceapp_summar...

by Explorer in

Why don't I see match_type in Lookup Definition Advanced options

I'm running Splunk 6.5. I see Min Matches, Max Matches, and Default Matches. I would like to define a lookup table th...

by Engager in

How to pass the values of an evaluated field into a summary index with collect?

Hi I am trying to adjust an existing process which collects results of a query into a summary index. What I'm tryi...

by Explorer in

To rename-and-recreate or to copy-truncate in log rotate - so that most real time data is got and no data is lost even in edge cases?

Hi, After reading: - https://answers.splunk.com/answers/49663/log-rotation-best-practices.html - https://answers.s...

by Engager in

Summary Index Backfill - Skipped

Hello I have a scheduled search that populates a summary index. I would like to backfill that summary index for the l...

by Communicator in

Is there a way to traverse a log record line by line?

I'm working on a complicated query on a single log record. Here is an example of log record: I am the log record. ...

by New Member in

Compare Fields in Data Model vs all other Available fields

Hello I'm new to Splunk and I've encountered an issue trying to figure out how to create a search query that will all...

by New Member in

How to extract events in xmlns tags

Experts, Here is my Log content and I wish to extract fields like <tns:SplunkLogs xmlns:tns=\http://www.examp...

by New Member in

How do I make macro arguments get parsed as fields instead of literals?

I am trying to create a macro that will take a field from an existing query. But when I try to call it the macro trea...

by Builder in

Renaming fields after transform.conf regex

We use a transform.conf file with regex to extract the field values. However, the field name in the data input is not...

by Communicator in

Why does "show source" omit lines

We have large events that show the entire event data, but when we select "show source" it shows several omitted lines...

by Path Finder in

how to download a heavy forwarder on my mac to test a use case ?

Any link please ?

by New Member in

Order of Search terms - Does it matter?

Recently I was working on a lab module 12 - question 22: Search the web application data for all events where a user ...

by Explorer in

Is there any documentation available to explain commands like splunk bootstrap?

I am new to splunk , need this to setup my cluster . I want to understand search head and what required in search hea...

by Path Finder in

Picking the right HDD, SSD

Hello everyone, Could anyone post a typical HDD profile detailing what a medium and high end HDD could be for Splu...

by Super Champion in

Summary index approach with aggregate data

Hello, I would like to summarize some data with aggregated statistic results. When I summarize a search like (s...

by Path Finder in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

Additional indexed fields

TA for IIS that follows the Common Information Model

Is it possible to create a field alias on a lookup output field for mapping to the CIM model?

Is there any way to limit the number of search results in a data model?

Linux servers - Universal Forwarder or Syslog

SPUNK saves logs. does it fulfill STIG requirements?

Hungry Newbie: Best way to learn Splunk well efficiently (shortest amount of time)?

SDK DataSet Mangement

What is the max character limit for a macro?

Summary indexing

Why don't I see match_type in Lookup Definition Advanced options

How to pass the values of an evaluated field into a summary index with collect?

To rename-and-recreate or to copy-truncate in log rotate - so that most real time data is got and no data is lost even in edge cases?

Summary Index Backfill - Skipped

Is there a way to traverse a log record line by line?

Compare Fields in Data Model vs all other Available fields

How to extract events in xmlns tags

How do I make macro arguments get parsed as fields instead of literals?

Renaming fields after transform.conf regex

Why does "show source" omit lines

how to download a heavy forwarder on my mac to test a use case ?

Order of Search terms - Does it matter?

Is there any documentation available to explain commands like splunk bootstrap?

Picking the right HDD, SSD

Summary index approach with aggregate data

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Persistent queue problems

Splunk could not get the description for this even...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...