Knowledge Management

Discussions

Thread Info

IIS, Visitor sessions & summary indexing - oh my!

I need help figuring out how to store visitor session info into a summary index. First, what I want to be able to ...

by Explorer in

How do I maintain quality of the summary index?

You can you backfill to fill in missing pieces, but what happens when splunk or syslog run behind and events run part...

by Explorer in

GET Workflow Action - define different URI based on host value?

I am trying to configure a GET workflow action that decodes a session Id. The problem is that you have to pass the co...

by New Member in

Debugging summary indexes

Hi, I use summary indexing alot in my custom app. Recently I created a second app and added a summary index. The s...

by Path Finder in

Remove Old Summary Index

Hi - does anyone know how to remove old summary index data? I have a few summary indexes saved in the system that was...

by Path Finder in

Summary Index search problems

My scheduled search: [Summary Logins Per Second] action.summary_index = 1 action.summary_index._name = lgn-stats c...

by Influencer in

n00b question - splunk server is only host with indexing volume according to lic report

Why does the Splunk server show up as the only host indexing? We're running 3.x and our free lic is shot because it l...

by New Member in

How do I resolve a share library libpcre.so reference after an upgrade on Ubuntu Lucid 64bit

I recently update my Ubuntu 64bit system and splunk refuses to start. sudo apt-get dist-upgrade uname -a *Linux...

by Communicator in

Summary index results are limited

I’m building a report that finds the number of unique users in our activity log each day: sourcetype="accountTrans...

by Explorer in

errors while using unix tags in the search app

If i do a search within the unix app such as this: tag="access" i get plenty of results. If i perform the same search...

by Splunk Employee in

Tags not showing in this search....

Hi I have a search which is returning the tags in the display, the tags work as I report on these tags in all of our ...

by Path Finder in

Was the "edit_tags" capability removed?

Anyone know if edi_tags was removed? I'm seeing the following warning message in the logs: AuthorizationManag...

by Super Champion in

Why do my summary index events have maxtime="5m"?

Since upgrading to splunk 4.1, all of my summary indexing saved searches now include following term stuck on the end ...

by Super Champion in

Can I use n field values as field names for summary indexing?

I am running a script that, simply put, inserts a record into Splunk for each person that is using space on our stora...

by New Member in

limits on "action.summary.index" vs piping to "collect"

I've found that if I have a summarizing search using "stats" and I schedule it via the UI and use the "enable summary...

by Splunk Employee in

Single summary index match not visible with search_name?

I've got a summary index query which currently matches only one (1) event in my existing data. I've run the fill_summ...

by Path Finder in

Using summary index by default in app?

I'm writing an app that I know will index loads of data and then do some calculations on changes from day to day. To ...

by Splunk Employee in

Why are only 10,000 events making it into the summary index?

I'm having an issue with my summary index. I have a search which results in 48000+ events. I saved the search and ena...

by Splunk Employee in

Cannot automatically migrate pre 4.1 tags.conf: Clarification or Suggestion where to begin?

I just updated my indexer to 4.1 this morning and found the following in the migration log: Cannot automatica...

by SplunkTrust in

Tuning max searches on a summary indexing instance - how?

I have an instance that I've set up to only run summary searches. Essentially, its a search head but no users connect...

by Champion in

Knowledge Management

Discussions

IIS, Visitor sessions & summary indexing - oh my!

How do I maintain quality of the summary index?

GET Workflow Action - define different URI based on host value?

Debugging summary indexes

Remove Old Summary Index

Summary Index search problems

n00b question - splunk server is only host with indexing volume according to lic report

How do I resolve a share library libpcre.so reference after an upgrade on Ubuntu Lucid 64bit

Summary index results are limited

errors while using unix tags in the search app

Tags not showing in this search....

Was the "edit_tags" capability removed?

Why do my summary index events have maxtime="5m"?

Can I use n field values as field names for summary indexing?

limits on "action.summary.index" vs piping to "collect"

Single summary index match not visible with search_name?

Using summary index by default in app?

Why are only 10,000 events making it into the summary index?

Cannot automatically migrate pre 4.1 tags.conf: Clarification or Suggestion where to begin?

Tuning max searches on a summary indexing instance - how?

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >

PLC & HMI Monitoring

Qradar to splunk Migration

How do I make sure the Security Essentials takes a...

MLTK baseline search creates model in private dire...

Indexed Realtime searches with eventtypes and auto...

Knowledge Management

Discussions

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >