Knowledge Management

Ask a Question

Discussions

Thread Info

Summary Index: Why is a search that took less time before taking much longer now?

Hello, I am running a saved search(every 5 min) to populate a summary index using collect command. Now the sear...

by Explorer in

eventtype error

Why do I get this error when using eventtype? This is the eventtype configuration and I also tried running tha...

by Path Finder in

Can you use the same macro with additional arguments for another dashboard?

Hi All, I have a macro with three Arguments. I need to us the same macro in another dashboard, but there, i need t...

by Builder in

What does bin _time span does here?

Hi, I am having a bit of difficulty understanding what does bin _time span does here. Below is query shared in sp...

by Communicator in

How can I remove a record from KVstore which is no longer required?

How can I remove a record from KVstore as that is no longer required?

by Splunk Employee in

INDEXED_EXTRACTIONS on summary events?

It would be really cool to be able to have all of the fields in a summary index automatically converted to indexed fi...

by Contributor in

"Collect" command doesnt work with "All time (Real-Time)"

Hi, I have a use case where I need to check for incomming events with measurements, combine and modify them and save ...

by Explorer in

Automatic lookup, matching range field?

Hi, I would like to enriche netflow data (i.e. dst ip, dst port) with "service name", using automatic lookup. My l...

by Explorer in

Why are lookups loaded for sourcetypes that don't apply?

I noticed in search.log that there are "INFO LookupOperator - Loading lookup table=..." log events that don't apply t...

by Path Finder in

How to create a search template (macro) using Splunk?

Hi I need to create a search template using Splunk so I want to know what are the steps that I have to follow? mu...

by Path Finder in

I do a search for an index and it finds it. I look in the web interface for indexes and it is not listed. I look in data inputs and it is listed there as an index. Why does the web interface not show it in the indexes?

I do a search for an index and it finds it. I look in the web interface for indexes and it is not listed. I look in d...

by New Member in

Is there any way to retrieve kv-store that was accidentally deleted?

One of my kv-store was accidentally deleted, knowing that we have not done any backup for this kv-store. Is there any...

by New Member in

Copy reports from one standalone machine to another the easy way. No fancy code. No virtualization. No Servers. Just a standalone machine and JUST some reports and dashboards.

I have scoured the internet in search of a simple way to copy reports and dashboards from one STANDALONE machine to a...

by Engager in

Why is the KVStore not loading on the search head?

On My search head I cant load the KVSTORE mongod.log says 2018-08-14T14:46:34.831Z W CONTROL No SSL certific...

by Communicator in

Field Extraction updated but how to activate in Data Modell?

I have updated the Field Extraktion for some fields but the Data Modell still use the old Definition. How to make the...

by New Member in

Is it possible to monitor docker container (cpu/memory/processes usage) without outcold solutions containers?

I`m tryin to find out some solution which provide view over the containers and processes usage ?

by New Member in

Is it possible to use a decision matrix in Splunk?

Hello, We export a data from our vulnerability management tool to Splunk and we’d like to evaluate the initial sev...

by Communicator in

How to check if the automatic lookup is working?

How to check if the automatic lookup is working? Lookup is working fine how can I test auto lookup is working too?

by Explorer in

How do I add and delete host in Data Summary from Data Summary Splunk?

Hi there. Newbie on splunk here. I have a rookie question to ask ... In Search menu, under Data Summary, how do...

by Communicator in

Why does this error "('createIndex', domain: '5', code: '10088'): exception: cannot index parallel arrays" causes KVstore to stop working?

Hi all, I’m experiencing an unclear issue with KVstore (Splunk 6.5.6). I’m leveraging field acceleration within KVsto...

by Splunk Employee in

Do anybody know about fields +?

What is difference between fields + and fields -?

by Path Finder in

Why is kvstore update failing with code 115?

I've got a kvstore lookup who's data is updated every day from a scheduled search. I built it using the ideas that @d...

by Motivator in

Why to ever use Structured Data Header Extraction?

I am confused about when to use Structured Data Header Extraction. Am I correct in understanding that structured data...

by Path Finder in

KV Store on Heavy Forwarder

EDITED: I am building a TA. I have installed it on my Heavy Forwarder, it writes events to the Indexer. The TA uses c...

by Explorer in

How to pull data from a lookup within a date range?

I created a lookup definition, account_admin, for a csv file that I have. ark_admin - file - Time,User,Source IP,Ser...

by Path Finder in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

Summary Index: Why is a search that took less time before taking much longer now?

eventtype error

Can you use the same macro with additional arguments for another dashboard?

What does bin _time span does here?

How can I remove a record from KVstore which is no longer required?

INDEXED_EXTRACTIONS on summary events?

"Collect" command doesnt work with "All time (Real-Time)"

Automatic lookup, matching range field?

Why are lookups loaded for sourcetypes that don't apply?

How to create a search template (macro) using Splunk?

I do a search for an index and it finds it. I look in the web interface for indexes and it is not listed. I look in data inputs and it is listed there as an index. Why does the web interface not show it in the indexes?

Is there any way to retrieve kv-store that was accidentally deleted?

Copy reports from one standalone machine to another the easy way. No fancy code. No virtualization. No Servers. Just a standalone machine and JUST some reports and dashboards.

Why is the KVStore not loading on the search head?

Field Extraction updated but how to activate in Data Modell?

Is it possible to monitor docker container (cpu/memory/processes usage) without outcold solutions containers?

Is it possible to use a decision matrix in Splunk?

How to check if the automatic lookup is working?

How do I add and delete host in Data Summary from Data Summary Splunk?

Why does this error "('createIndex', domain: '5', code: '10088'): exception: cannot index parallel arrays" causes KVstore to stop working?

Do anybody know about fields +?

Why is kvstore update failing with code 115?

Why to ever use Structured Data Header Extraction?

KV Store on Heavy Forwarder

How to pull data from a lookup within a date range?

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions