Knowledge Management

Discussions

Thread Info

Why is kvstore update failing with code 115?

I've got a kvstore lookup who's data is updated every day from a scheduled search. I built it using the ideas that @d...

by Motivator in

Why to ever use Structured Data Header Extraction?

I am confused about when to use Structured Data Header Extraction. Am I correct in understanding that structured data...

by Path Finder in

KV Store on Heavy Forwarder

EDITED: I am building a TA. I have installed it on my Heavy Forwarder, it writes events to the Indexer. The TA uses c...

by Explorer in

How to pull data from a lookup within a date range?

I created a lookup definition, account_admin, for a csv file that I have. ark_admin - file - Time,User,Source IP,Ser...

by Path Finder in

Splunk Mobile App End of Life

Hi Guys it seems that the ios and android app was taken out of the Apple App Store and Google Playstore because it is...

by New Member in

Can other server types (clustered indexers, heavy forwarders, etc.) fetch config on initial startup (non-search heads)?

Search heads have a config option conf_deploy_fetch_url under shclustering in server.conf that causes them to, on sta...

by Path Finder in

Additional indexed fields

Splunk generally index data based on _time. We have a use case where we want to retrieve results from summary inde...

by Path Finder in

TA for IIS that follows the Common Information Model

Is there an addon(TA-iis perhaps) that follows the CIM for IIS logs?

by Motivator in

Is it possible to create a field alias on a lookup output field for mapping to the CIM model?

Hi guys, I am in the midst of trying to map the fields in my data to the splunk authentication CIM. However, I rea...

by Explorer in

Is there any way to limit the number of search results in a data model?

When searching on an index, you can pipe to "head 100" and retrieve 100 results. index=my_index cookie* | head 100...

by Explorer in

Linux servers - Universal Forwarder or Syslog

What is the best practice to capture data from our *nix servers? Install the Splunk forwarder agent and the Splunk fo...

by Engager in

SPUNK saves logs. does it fulfill STIG requirements?

When SPLUNK saves logs in raw data does it fulfill STIG requirement Full requirement of Logging: 1.Logs must be tampe...

by New Member in

Hungry Newbie: Best way to learn Splunk well efficiently (shortest amount of time)?

I am a reasonably clever, tech-savvy young man but by no means a genius. I am a very hard worker and I am planning on...

by Path Finder in

SDK DataSet Mangement

I was wondering if there is a way to upload / manage Splunk Datasets with the SDK ? I quick run through the very nice...

by New Member in

What is the max character limit for a macro?

I have a macro which does not work when invoked in a search, but does work when the contents are cut and paste direct...

by Splunk Employee in

Summary indexing

Search peer indexer has the following message: Received event for unconfigured/disabled/deleted index=voiceapp_summar...

by Explorer in

Why don't I see match_type in Lookup Definition Advanced options

I'm running Splunk 6.5. I see Min Matches, Max Matches, and Default Matches. I would like to define a lookup table th...

by Engager in

How to pass the values of an evaluated field into a summary index with collect?

Hi I am trying to adjust an existing process which collects results of a query into a summary index. What I'm tryi...

by Explorer in

To rename-and-recreate or to copy-truncate in log rotate - so that most real time data is got and no data is lost even in edge cases?

Hi, After reading: - https://answers.splunk.com/answers/49663/log-rotation-best-practices.html - https://answers.s...

by Engager in

Summary Index Backfill - Skipped

Hello I have a scheduled search that populates a summary index. I would like to backfill that summary index for the l...

by Communicator in

Is there a way to traverse a log record line by line?

I'm working on a complicated query on a single log record. Here is an example of log record: I am the log record. ...

by New Member in

Compare Fields in Data Model vs all other Available fields

Hello I'm new to Splunk and I've encountered an issue trying to figure out how to create a search query that will all...

by New Member in

How to extract events in xmlns tags

Experts, Here is my Log content and I wish to extract fields like <tns:SplunkLogs xmlns:tns=\http://www.examp...

by New Member in

How do I make macro arguments get parsed as fields instead of literals?

I am trying to create a macro that will take a field from an existing query. But when I try to call it the macro trea...

by Builder in

Renaming fields after transform.conf regex

We use a transform.conf file with regex to extract the field values. However, the field name in the data input is not...

by Communicator in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

Why is kvstore update failing with code 115?

Why to ever use Structured Data Header Extraction?

KV Store on Heavy Forwarder

How to pull data from a lookup within a date range?

Splunk Mobile App End of Life

Can other server types (clustered indexers, heavy forwarders, etc.) fetch config on initial startup (non-search heads)?

Additional indexed fields

TA for IIS that follows the Common Information Model

Is it possible to create a field alias on a lookup output field for mapping to the CIM model?

Is there any way to limit the number of search results in a data model?

Linux servers - Universal Forwarder or Syslog

SPUNK saves logs. does it fulfill STIG requirements?

Hungry Newbie: Best way to learn Splunk well efficiently (shortest amount of time)?

SDK DataSet Mangement

What is the max character limit for a macro?

Summary indexing

Why don't I see match_type in Lookup Definition Advanced options

How to pass the values of an evaluated field into a summary index with collect?

To rename-and-recreate or to copy-truncate in log rotate - so that most real time data is got and no data is lost even in edge cases?

Summary Index Backfill - Skipped

Is there a way to traverse a log record line by line?

Compare Fields in Data Model vs all other Available fields

How to extract events in xmlns tags

How do I make macro arguments get parsed as fields instead of literals?

Renaming fields after transform.conf regex

Index This | What are the 12 Days of Splunk-mas?

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Persistent queue problems

Splunk could not get the description for this even...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...