Knowledge Management

Discussions

Thread Info

processing of Mainframe logs

the logs we're interested in from the mainframe are from java WebSphere applications running on Z/os. They're in asc...

by Splunk Employee in

Looking for the Forecasting Code/Macro from Mike Fisher's Splunk Conf 2016 Presentation

Ok, I found this great post from Conf 2016 by Mike Fisher about using Splunk for forecasting: https://conf.splunk.com...

by Motivator in

KV Store: Fatal Assertion - Write to OpLog failed

We are running Splunk 6.5.1, and on one of our standalone search heads, upon every restart of splunkd we get the foll...

by Contributor in

how to start mongo db in splunk

how to start mongo db in splunk ? I checked in logs that mongodb is down in one of our servers

by Path Finder in

how to index a csv file which is not in a correct format

Hi , Here is my scenario, I have to index the below csv file, where the format looks like this , confused with the ...

by Explorer in

How to bring "Page Fault per Operation" value to normal state ?

I couldnt find any mention about this particular topic anywhere, hence posting this question. Currently, on the Se...

by Motivator in

delete an orphaned knowledge object

I know how to reassign an orphaned object How to delete an orphaned search/knowledge object

by Path Finder in

How to create a summary table with number of calls and percentage

Hi, Can anyone help write a query where it can display User | Number of calls current week | number of calls l...

by Explorer in

How to add events to an index like logevents but without using alert (using a search for instance)?

Hello guys, how to add events to an index like logevents but without using alert (using a search for instance)? ...

by Motivator in

Overview of events and feeds coming in

Is there a quick way on getting a list of all events coming in and all feeds coming in? Would it also be possible ...

by Explorer in

dropdown token argument to macro argument

Am using a macro with 1 argument and while calling it to update my table with values am passing query as mymacro(arg1...

by Communicator in

How can I prevent adding duplicate events when indexing via scheduled reports to a summary index?

I currently have a saved search configured to write its results to a summary index. This search is scheduled to run a...

by Path Finder in

What are best practices and uses for data models?

Sometimes in my Splunk Education I need repeating some things for myself. Today it's Data Model. I have used Data Mod...

by Builder in

Extracting the date from a filename without modifying the datetime.xml

Hi, I'm trying to extract the date from a filename without having to configure the config.file, i want to be able ...

by Path Finder in

How do you write a correlation search with a data model?

Hello my little friends. I have logs from tomcat and they joined Web Data Model, so that means that I can write corre...

by Builder in

String concatentation (strcat command) is duplicating results

Hi, I have this data Properties: { [-] analyticsConfigs: { [+] } appVersio...

by Motivator in

How to format a metrics_csv file for a metrics index?

Hello, I would like to know what kind of format does a CSV file need to follow in order to feed it to a metric ind...

by Explorer in

Extracting Text/Field from _raw Microsoft Event For Failed Backups

Greetings, I want to run a report/alert when a MSSQL backup job has failed. It looks like the info I want is only ...

by Path Finder in

Can I populate a macro from search results?

Hi, I am trying to take the results of a search that returns 1000 machines and search for them in an index. Not su...

by Engager in

Search driven by KVStore parameters

I have a set of events similar to below and a working search for a single ID value of 133. My next step is to make th...

by Explorer in

Continuous Evaluate File

Can I set csv file as input in local monitor as continuous monitor. I tried to set a file but it seems it is not w...

by Path Finder in

Is it possible to perform field extraction on a string inside a JSON object?

Given a log in JSON format, such as: { a: "some data", b: "some more data", c: "field1=data1 \t field2=data2" } Ho...

by New Member in

Use field as _time in lookup does not work

Hi to all, i have a csv like: host,last_report_time host1,2017-07-28-14.23.00.000000 host2,2017-11-15-06.44.00.000...

by Communicator in

ImportError: No module named site when training own data with Sentiment Analysis App

I'm trying to create a model based on my own data using the Sentiment Analysis App. Apparently there isn't much docum...

by New Member in

Error in model "Network_Resolution" Cannot add field 'reply_code_id' because it already exists

Error in model "Network_Resolution" : Cannot add field 'reply_code_id' because it already exists in object 'DNS'. It'...

by Builder in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

processing of Mainframe logs

Looking for the Forecasting Code/Macro from Mike Fisher's Splunk Conf 2016 Presentation

KV Store: Fatal Assertion - Write to OpLog failed

how to start mongo db in splunk

how to index a csv file which is not in a correct format

How to bring "Page Fault per Operation" value to normal state ?

delete an orphaned knowledge object

How to create a summary table with number of calls and percentage

How to add events to an index like logevents but without using alert (using a search for instance)?

Overview of events and feeds coming in

dropdown token argument to macro argument

How can I prevent adding duplicate events when indexing via scheduled reports to a summary index?

What are best practices and uses for data models?

Extracting the date from a filename without modifying the datetime.xml

How do you write a correlation search with a data model?

String concatentation (strcat command) is duplicating results

How to format a metrics_csv file for a metrics index?

Extracting Text/Field from _raw Microsoft Event For Failed Backups

Can I populate a macro from search results?

Search driven by KVStore parameters

Continuous Evaluate File

Is it possible to perform field extraction on a string inside a JSON object?

Use field as _time in lookup does not work

ImportError: No module named site when training own data with Sentiment Analysis App

Error in model "Network_Resolution" Cannot add field 'reply_code_id' because it already exists

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions