Knowledge Management

Community Activity

New to Summary indexing Hi Splunkers, I am pretty new to the concept of Summary indexing, would like some more detailed explanation with exa... by macadminrohit Contributor in Knowledge Management 02-06-2018 0 2	0	2
ES Tuning Question - Trying to Catagorize Known Email Servers Good day. I am trying to explicitly categorize the known e-mail servers in my network so that a notable alarm is not... by jonathangrant74 Explorer in Knowledge Management 02-05-2018 0 0	0	0
What are some of the best practices to exclude sources using inputs.conf? Collecting logs from forwarders excluding certain subfolders. Current inputs.conf is : [monitor://e:\Application\Log... by JarrettM Path Finder in Knowledge Management 02-05-2018 0 6	0	6
Why are my json data extracted twice My inputs.conf is: [monitor:///var/log/grains.log] sourcetype = grains_log disabled = 0 index = os My props.conf is... by rolfberkenbosch New Member in Knowledge Management 02-05-2018 0 5	0	5
How to delete a log by splunk api Hi, everubody I monitor some files and sometime the data in these files are updated I need to delete wrong data o... by carineconstanti New Member in Knowledge Management 02-04-2018 0 2	0	2
Whats the difference between join command search command while using subsearch? Can someone explain with scenarios please. So I am looking to join results of 2 searches and as I can see on docs.splunk there are various ways to join https:/... by varad_joshi Communicator in Knowledge Management 02-01-2018 0 3	0	3
Can I use kvstore as a web application backend? Would it makes sense to use a kvstore collection as a backend for a multi-user web applicaiton? It seems like you cou... by jedatt01 Builder in Knowledge Management 01-31-2018 1 5	1	5
How can I run a python script from a dashboard? Hello Splunkers. Can a dashboard run a python script? My scenario is: the user have a text input field to write a 1... by guimilare Communicator in Knowledge Management 01-31-2018 0 8	0	8
How to set a formula for each column in the summary row If you use table visualization during a dashboard, you can set a summary row at the bottom. The summary row simply sh... by hansot New Member in Knowledge Management 01-30-2018 0 2	0	2
Where is the proper location of user-prefs.conf? All along we used to associate the user role to its default app at /opt/splunk/etc/shcluster/apps/user-prefs/local/us... by ddrillic Ultra Champion in Knowledge Management 01-30-2018 0 2	0	2
Splunk kvstore on the splunk server as of ES 4.5.x is KV store required? by gibba Path Finder in Knowledge Management 01-29-2018 0 1	0	1
What is the meaning of index? Hey, While explaining someone about splunk, I wondered how to explain about the meaning of creating a separate index... by omerl Path Finder in Knowledge Management 01-29-2018 1 3	1	3
Using Splunk on a Mac - Currently Have Over 5,000 Sources - Help! I've been using the beleaf app to develop my Splunk knowledge. I've noticed that I am unable to control the Sources ... by ericrdecker New Member in Knowledge Management 01-26-2018 0 2	0	2
What is the maximum length of a tag and an event? What is the maximum length of a tag? What is the maximum length of an event? by atant Splunk Employee in Knowledge Management 01-25-2018 0 2	0	2
How to question mark fields How to mark the fields with a question. by harishyhrk New Member in Knowledge Management 01-25-2018 0 4	0	4
How to avoid logs sizing & prioritizing without violating the license? Hello, We have installed the splunk’s siem locally in our infrastructure. Now, we are faced with a problem of logs si... by ghassentr Engager in Knowledge Management 01-25-2018 0 3	0	3
Why inputlookup doesn't return all the values? Hello splunkers! New problem to be solved... This simple lookup \| inputlookup DOM_ServiceCatalogue is not retur... by CarmineCalo Path Finder in Knowledge Management 01-25-2018 0 10	0	10
How to erase or delete the parsed Splunk ES TI data? I set the Max_age for each threat intelligence list for the TI data retention but it is not work, so I would like to ... by owenpcyip New Member in Knowledge Management 01-25-2018 0 0	0	0
Where can I find scheduled maintenance windows for the Splunk Cloud product? Where can I find scheduled maintenance windows for the Splunk Cloud product? The AWS vulnerability patching in Januar... by ScialabbaW New Member in Knowledge Management 01-24-2018 0 2	0	2
How to do summary indexing on Splunk version 7.0.1? How to create summary indexing on Splunk version 7.0.1 because unlike Splunk 6.5.3 the ui below seems to be changed o... by mjlsnombrado Communicator in Knowledge Management 01-24-2018 0 1	0	1
how to index only some filed hi all! i'm collecting some events from windows security log. As i understand the index volume is proportional to the... by davidepala Path Finder in Knowledge Management 01-24-2018 0 4	0	4
Is there a way to turn on and off Events Splunk 7 Hi I have created the following way to turn on events Splunk 7 easly, however can turn them off. I use a eval foo="... by robertlynch2020 Influencer in Knowledge Management 01-23-2018 0 1	0	1
Can you tell when a sourcetype was created in splunk over time? Good afternoon By topics of analysis it is required to know when a sourcetype was created, I know that the confi... by aecruzp Path Finder in Knowledge Management 01-23-2018 0 6	0	6
How to find count of empty values in splunk ? How to find count of empty values in splunk ? raw events: threadId = 2695;StartTime=2017.11.12.16.50.36.036;EndTime... by karthi2809 Builder in Knowledge Management 01-22-2018 0 4	0	4
How to access to Mongo KV Store from Mongo client? Hi all, I'm using icinga to monitor my servers and I would like to use the mongo plugin to monitor the kv store. The... by dsmc_adv Path Finder in Knowledge Management 01-19-2018 3 1	3	1