Knowledge Management

Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
MATTHEW_ORNAWKA

After changing DB locations, the KVstore is not initializing in our environment. What can I do to have MongoDB run with Splunk?

Having an issue with the KVstore not initializing in our environment. The error log from mongod.log is below I have...
by MATTHEW_ORNAWKA Observer in Knowledge Management 09-06-2018
0 5
0
5
JordanPeterson

How do you search for event types that return no results?

I have a list of event types I'm searching for based on a standard naming convention. I want to be able to return a l...
by JordanPeterson Path Finder in Knowledge Management 09-05-2018
0 4
0
4
gregbo

I've heard that once data is indexed, it cannot be modified. Is that documented somewhere?

I know that once an event is indexed, it cannot be modified. But is that specifically stated somewhere in the Docume...
by gregbo Communicator in Knowledge Management 09-05-2018
1 1
1
1
AditiKulkarni

How to delete KV Store data older than 30 days?

In our application, there is a requirement where we have to retain data in KV Store for a month (i.e. 30 days) and de...
by AditiKulkarni New Member in Knowledge Management 09-03-2018
0 4
0
4
mmichelsen

What is the maximum length for a field name?

I have a library for creating application event logs formatted as key-value pairs. It allows the caller to create ar...
by mmichelsen New Member in Knowledge Management 08-29-2018
0 1
0
1
chinmayc469

Summary Index: Why is a search that took less time before taking much longer now?

Hello, I am running a saved search(every 5 min) to populate a summary index using collect command. Now the search ...
by chinmayc469 Explorer in Knowledge Management 08-28-2018
0 0
0
0
michaelrosello

eventtype error

Why do I get this error when using eventtype? This is the eventtype configuration and I also tried running that sear...
by michaelrosello Path Finder in Knowledge Management 08-28-2018
0 7
0
7
Shan

Can you use the same macro with additional arguments for another dashboard?

Hi All, I have a macro with three Arguments. I need to us the same macro in another dashboard, but there, i need to ...
by Shan Builder in Knowledge Management 08-27-2018
0 3
0
3
sangs8788

What does bin _time span does here?

Hi, I am having a bit of difficulty understanding what does bin _time span does here. Below is query shared in splu...
by sangs8788 Communicator in Knowledge Management 08-27-2018
0 1
0
1
daniel_splunk

How can I remove a record from KVstore which is no longer required?

How can I remove a record from KVstore as that is no longer required?
by daniel_splunk Splunk Employee Splunk Employee in Knowledge Management 08-23-2018
2 2
2
2
vbumgarner

INDEXED_EXTRACTIONS on summary events?

It would be really cool to be able to have all of the fields in a summary index automatically converted to indexed fi...
by vbumgarner Contributor in Knowledge Management 08-23-2018
0 2
0
2
DavidGirsvaldas

"Collect" command doesnt work with "All time (Real-Time)"

Hi, I have a use case where I need to check for incomming events with measurements, combine and modify them and save ...
by DavidGirsvaldas Explorer in Knowledge Management 08-22-2018
0 6
0
6
drejoe

Automatic lookup, matching range field?

Hi, I would like to enriche netflow data (i.e. dst ip, dst port) with "service name", using automatic lookup. My loo...
by drejoe Explorer in Knowledge Management 08-21-2018
0 2
0
2
bschaap

Why are lookups loaded for sourcetypes that don't apply?

I noticed in search.log that there are "INFO LookupOperator - Loading lookup table=..." log events that don't apply ...
by bschaap Path Finder in Knowledge Management 08-21-2018
0 1
0
1
neermine

How to create a search template (macro) using Splunk?

Hi I need to create a search template using Splunk so I want to know what are the steps that I have to follow? must...
by neermine Path Finder in Knowledge Management 08-17-2018
0 5
0
5
mdennis0177

I do a search for an index and it finds it. I look in the web interface for indexes and it is not listed. I look in data inputs and it is listed there as an index. Why does the web interface not show it in the indexes?

I do a search for an index and it finds it. I look in the web interface for indexes and it is not listed. I look in d...
by mdennis0177 New Member in Knowledge Management 08-15-2018
0 3
0
3
Dandell

Is there any way to retrieve kv-store that was accidentally deleted?

One of my kv-store was accidentally deleted, knowing that we have not done any backup for this kv-store. Is there any...
by Dandell New Member in Knowledge Management 08-15-2018
0 1
0
1
kennethhartley1

Copy reports from one standalone machine to another the easy way. No fancy code. No virtualization. No Servers. Just a standalone machine and JUST some reports and dashboards.

I have scoured the internet in search of a simple way to copy reports and dashboards from one STANDALONE machine to a...
by kennethhartley1 Engager in Knowledge Management 08-14-2018
0 3
0
3
tkwaller_2

Why is the KVStore not loading on the search head?

On My search head I cant load the KVSTORE mongod.log says 2018-08-14T14:46:34.831Z W CONTROL No SSL certificat...
by tkwaller_2 Communicator in Knowledge Management 08-14-2018
0 1
0
1
bs000e1eu

Field Extraction updated but how to activate in Data Modell?

I have updated the Field Extraktion for some fields but the Data Modell still use the old Definition. How to make the...
by bs000e1eu New Member in Knowledge Management 08-13-2018
0 0
0
0
smstoyanov

Is it possible to monitor docker container (cpu/memory/processes usage) without outcold solutions containers?

I`m tryin to find out some solution which provide view over the containers and processes usage ?
by smstoyanov New Member in Knowledge Management 08-08-2018
0 5
0
5
AlexeySh

Is it possible to use a decision matrix in Splunk?

Hello, We export a data from our vulnerability management tool to Splunk and we’d like to evaluate the initial sever...
by AlexeySh Communicator in Knowledge Management 08-08-2018
0 3
0
3
rajneeshc1981

How to check if the automatic lookup is working?

How to check if the automatic lookup is working? Lookup is working fine how can I test auto lookup is working too?
by rajneeshc1981 Explorer in Knowledge Management 08-07-2018
0 2
0
2
bogdan_nicolesc

How do I add and delete host in Data Summary from Data Summary Splunk?

Hi there. Newbie on splunk here. I have a rookie question to ask ... In Search menu, under Data Summary, how do I a...
by bogdan_nicolesc Communicator in Knowledge Management 08-06-2018
0 8
0
8
mgaraventa_splu

Why does this error "('createIndex', domain: '5', code: '10088'): exception: cannot index parallel arrays" causes KVstore to stop working?

Hi all, I’m experiencing an unclear issue with KVstore (Splunk 6.5.6). I’m leveraging field acceleration within KVsto...
by mgaraventa_splu Splunk Employee Splunk Employee in Knowledge Management 08-03-2018
1 1
1
1
Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...