Knowledge Management

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do I resolve a share library libpcre.so reference after an upgrade on Ubuntu Lucid 64bit

I recently update my Ubuntu 64bit system and splunk refuses to start. sudo apt-get dist-upgrade uname -a *Linux...

by Communicator in

Summary index results are limited

I’m building a report that finds the number of unique users in our activity log each day: sourcetype="accountTrans...

by Explorer in

errors while using unix tags in the search app

If i do a search within the unix app such as this: tag="access" i get plenty of results. If i perform the same search...

by Splunk Employee in

Tags not showing in this search....

Hi I have a search which is returning the tags in the display, the tags work as I report on these tags in all of our ...

by Path Finder in

Was the "edit_tags" capability removed?

Anyone know if edi_tags was removed? I'm seeing the following warning message in the logs: AuthorizationManag...

by Super Champion in

Why do my summary index events have maxtime="5m"?

Since upgrading to splunk 4.1, all of my summary indexing saved searches now include following term stuck on the end ...

by Super Champion in

Can I use n field values as field names for summary indexing?

I am running a script that, simply put, inserts a record into Splunk for each person that is using space on our stora...

by New Member in

limits on "action.summary.index" vs piping to "collect"

I've found that if I have a summarizing search using "stats" and I schedule it via the UI and use the "enable summary...

by Splunk Employee in

Single summary index match not visible with search_name?

I've got a summary index query which currently matches only one (1) event in my existing data. I've run the fill_summ...

by Path Finder in

Using summary index by default in app?

I'm writing an app that I know will index loads of data and then do some calculations on changes from day to day. To ...

by Splunk Employee in

Why are only 10,000 events making it into the summary index?

I'm having an issue with my summary index. I have a search which results in 48000+ events. I saved the search and ena...

by Splunk Employee in

Cannot automatically migrate pre 4.1 tags.conf: Clarification or Suggestion where to begin?

I just updated my indexer to 4.1 this morning and found the following in the migration log: Cannot automatica...

by SplunkTrust in

Tuning max searches on a summary indexing instance - how?

I have an instance that I've set up to only run summary searches. Essentially, its a search head but no users connect...

by Champion in

"The specified search is too large." Can somebody help me figure out what "too large" is?

A query to count tag=pci entries by eventtype (and happens to be part of the application): tag=pci | stats count b...

by Engager in

historical data on a new installation

I just installed splunk and indexed a log file with data that is from earlier this year, The summary dashboard shows ...

by Splunk Employee in

Knowledge Management

Discussions

How do I resolve a share library libpcre.so reference after an upgrade on Ubuntu Lucid 64bit

Summary index results are limited

errors while using unix tags in the search app

Tags not showing in this search....

Was the "edit_tags" capability removed?

Why do my summary index events have maxtime="5m"?

Can I use n field values as field names for summary indexing?

limits on "action.summary.index" vs piping to "collect"

Single summary index match not visible with search_name?

Using summary index by default in app?

Why are only 10,000 events making it into the summary index?

Cannot automatically migrate pre 4.1 tags.conf: Clarification or Suggestion where to begin?

Tuning max searches on a summary indexing instance - how?

"The specified search is too large." Can somebody help me figure out what "too large" is?

historical data on a new installation

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >

How do I make sure the Security Essentials takes a...

MLTK baseline search creates model in private dire...

Indexed Realtime searches with eventtypes and auto...

Code 401: Unauthorized for Splunk HTTP

Anaplan Training

Knowledge Management

Discussions

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >