Knowledge Management

Community Activity

Is search user ownership affecting if events are saved to the summary index? Hello, I have the following Saved Search configured to run daily on a cron schedule, the scheduled job appears to be... by csyvenky Path Finder in Knowledge Management 11-12-2017 1 3	1	3
How to set up a field alias for a field that's already in the data for CIM compliance? I'm trying to create a field alias for Enterprise Security so that the category field will generate correctly in the ... by mrtolu6 Path Finder in Knowledge Management 11-10-2017 0 1	0	1
Splunk on Splunk - are there logs on Lookup csv file operations (add/delete) Issue statement: I have a lookup csv file uploaded, with permission of read/write for a user group. Today the file di... by leonjxtan Path Finder in Knowledge Management 11-08-2017 0 1	0	1
What are some use cases where it is best to use accelerated datamodels? Hi there. The only possible way to access accelerated datamodels is by using the tstats command. It is tricky to us... by markusspitzli Communicator in Knowledge Management 11-07-2017 0 3	0	3
Field alias showing improper count - splunk 4.3.2 ?? Hi , I have two field extractions like the below ones in my props.conf file.now i have created an alias for these tw... by rakesh_498115 Motivator in Knowledge Management 11-02-2017 0 3	0	3
Can I get info about these components in one place in Splunk? Hello, I am really struggling with trying to find a data source to get all the following pieces of information about ... by arpit_arora Explorer in Knowledge Management 10-27-2017 0 2	0	2
Help with knowledge objects permissions? All, Alright, don't really have my head around knowledge objects permissions. I have roughly 100 field extractions ... by daniel333 Builder in Knowledge Management 10-26-2017 0 1	0	1
Getting Proper Averages from Summary Index First, as an example, I wanted to share that I thought the Question, and responses in this SA post was excellent and ... by deastman Path Finder in Knowledge Management 10-26-2017 0 2	0	2
How to find more detail on error "Received event for unconfigured/disabled/deleted index="? I am getting messages (in the messages section, not in Splunkd) that: Search peer idxX.XXX has the following message... by lennys26 Communicator in Knowledge Management 10-23-2017 2 9	2	9
Approaches to Identifying Patterns in Outliers I would like to know what approaches to take for detecting patterns in outliers using Splunk. I'm familiar with appr... by bschaap Path Finder in Knowledge Management 10-23-2017 0 3	0	3
How can I rename fields based on source? I have data coming in from two different sources wich both contains the same fieldname. how can I tell them apart in ... by snorri Path Finder in Knowledge Management 10-23-2017 0 2	0	2
configuration file for index and summary index Hi we need your help in creating the configuration to align the requirements. we have created index for application ... by shaganga New Member in Knowledge Management 10-22-2017 0 3	0	3
Explain Data Models (Like I'm Four) I already read this Explain Data Models (Like I'm Five) But still not understand what mean Data Models and I need to... by test_qweqwe Builder in Knowledge Management 10-21-2017 0 1	0	1
Sending conditional alerts based on previous search result Following is the json log format being stored in Splunk. { data:[ { "endpoint":"ep_1", "service... by technie101 Explorer in Knowledge Management 10-18-2017 0 3	0	3
Why is an empty value from a MultiSelectInput deleting ALL the items in my KV Store? Not sure if this is a bug or what, but if I push the delete button on my dashboard and there are no values selected i... by thisissplunk Builder in Knowledge Management 10-13-2017 0 1	0	1
Is it possible to alias a command to another one? All, So we're slowly moving off of index=java to index=applicationlogs for a few reasons. Is there a way to alias i... by daniel333 Builder in Knowledge Management 10-13-2017 0 2	0	2
Splunk 6.6.2 -- writing data to custom summary index Hi all, We upgraded to 6.6.1 recently which removed the ability to write to summary indexes. With 6.6.2, this has be... by alekksi Communicator in Knowledge Management 10-11-2017 1 4	1	4
Data Model: Change Root Event Constraint returns 0 results. Hi all, I've been working on a Data Model, and have a root event with constraint: index=test_index Now, when I cha... by Tim_1 Path Finder in Knowledge Management 10-03-2017 0 3	0	3
SplunkJS: adding tokens on button click not working I'm trying to create an update an delete feature on my kvstore, but I'm having an issue where the button click doesn'... by jbouch03 Path Finder in Knowledge Management 10-02-2017 1 2	1	2
Setting field based on eventtype I do use eventtypes.conf to extract fields. Then in tags.conf I do set warning=enable for some of the fields. Some is... by lakromani Builder in Knowledge Management 10-01-2017 0 5	0	5
About log rotation best practices Now I am planning to rotate the logs being monitored by Splunk. I will also use the compress option to rotate. But ... by yutaka1005 Builder in Knowledge Management 09-27-2017 0 2	0	2
PRTG connector Hi *, Somebody out there already found a way to connect to PRTG (Paessler) ? Grtz - Will by NogNeetMachinaa Explorer in Knowledge Management 09-27-2017 2 10	2	10
Switch indexes to create a report for today and the previous 6 days? I want to create report for last 7 days data, which should take last 6 days data from the summary index and for toda... by vijaykumartcs Explorer in Knowledge Management 09-27-2017 0 4	0	4
Questions on best practices for a new Splunk environment Sorry for too many questions This is our environment 6 Splunk servers 1) splunk01 – Ad HOC Search head used for s... by hrithiktej Communicator in Knowledge Management 09-23-2017 2 9	2	9
KVstore update I have the following "Frankenstein" query that creates a lookup table, and works quite well. Replaces several inadeq... by tlmayes Contributor in Knowledge Management 09-22-2017 1 2	1	2