Knowledge Management

Community Activity

Switch indexes to create a report for today and the previous 6 days? I want to create report for last 7 days data, which should take last 6 days data from the summary index and for toda... by vijaykumartcs Explorer in Knowledge Management 09-27-2017 0 4	0	4
Questions on best practices for a new Splunk environment Sorry for too many questions This is our environment 6 Splunk servers 1) splunk01 – Ad HOC Search head used for s... by hrithiktej Communicator in Knowledge Management 09-23-2017 2 9	2	9
KVstore update I have the following "Frankenstein" query that creates a lookup table, and works quite well. Replaces several inadeq... by tlmayes Contributor in Knowledge Management 09-22-2017 1 2	1	2
Is this possible -- summary index replication in indexer cluster Can we do summary index replication in indexer cluster by using replication_factor and search factor by kml_uvce Builder in Knowledge Management 09-21-2017 0 3	0	3
Problem when updating the KV Store -- some filtered events are lost Hi all, We have about 15 Kvstores running ok but sometimes I detect that we had a update problem because we don't ha... by Javip Path Finder in Knowledge Management 09-21-2017 0 1	0	1
Using per_second with summary index not working I have a saved search: source=/opt/app/workload/MCRRepo//.csv \| rex "(?.),(?.),(?.),(?.),(?.),(?.)" \| search... by techols New Member in Knowledge Management 09-10-2017 0 2	0	2
inputlookup from CSV inside macro -- why doesn't this work as a base search? I have a lookup file called us_customers.csv that contains a single field: customer. I would like to filter the resu... by dorrfg Engager in Knowledge Management 09-10-2017 1 4	1	4
How to clear dependent value when start new search Hi guys, please help me, I have 2 tables, one of them is hidden and shows contents when I click on parameter "time" i... by simmppllee New Member in Knowledge Management 09-10-2017 0 10	0	10
Knowledge Object vs. Global Knolwedge Object Whats is the difference between Knowledge Object and Global Knowlege Object? and who can able to create Global Knowle... by harshalbhagat New Member in Knowledge Management 09-06-2017 0 1	0	1
Datamodel Acceleration: How to make DM acceleration searches fast? This query is for advanced tuning of Splunk Tiers so that the DM acceleration queries can run fast http://docs.splunk... by koshyk Super Champion in Knowledge Management 09-04-2017 0 3	0	3
How can I pull two lists of hosts from a datamodel and from metadata search in one search? I am trying to concatinate two searches that I already have working. One pulls host list from an Asset List in the PC... by mattbellezza Explorer in Knowledge Management 09-01-2017 0 5	0	5
Can I store data at the index layer so isolated search heads can access it? I am building up Splunk content for our product in Splunk. I am building a dashboard to count events, which are many.... by brent_weaver Builder in Knowledge Management 08-31-2017 0 3	0	3
What do we mean by multiple root event search in Data Model Acceleration? Hello to all the Splunkers! I have an very important question which needs to be addressed before we do an uplift of ... by inderjot_rasila Explorer in Knowledge Management 08-31-2017 0 3	0	3
How our resources are being utilized Today I did a cool exercise. I went to the data repository section for Montgomery County (MD) and I downloaded the d... by mhouse3 Path Finder in Knowledge Management 08-29-2017 0 1	0	1
Can Splunk Enterprise Security use macros from another app? I'm trying to create a correlation search that uses a macro from a custom application, but when I try to save it, I g... by khagan Path Finder in Knowledge Management 08-28-2017 0 2	0	2
Substitute alias for linux hosthame Splunk searches return hostname by default -- where hostname is the value returned the linux command hostname. We hav... by jamesoconnell Path Finder in Knowledge Management 08-18-2017 0 10	0	10
Summary indexing and multiple transforming commands Hi all, I have a search that runs over eventdata from a website that runs over a few weeks of data. It should return... by JacobPN Path Finder in Knowledge Management 08-16-2017 0 3	0	3
workflow action to polpulate macro how to create a workflow action to populate a macro? Use a workflow action to grab hostname/IP from event and pass t... by coreyf311 Path Finder in Knowledge Management 08-08-2017 0 1	0	1
Replication Factor Best Practice? Our index cluster has doubled over the last year. As we added members to the cluster we never looked at whether or no... by nbayko Explorer in Knowledge Management 08-03-2017 0 2	0	2
Bug in alert condition when summary index enabled? Hi All, If you create a saved search in the web interface and then set the alert condition to 'if custom condition i... by phoenixdigital Builder in Knowledge Management 08-03-2017 1 4	1	4
Categorizing tags I have tags for the name of cameras and then tags for the status of the cameras that I created through eventtypes. Bo... by sarahw3 Explorer in Knowledge Management 08-01-2017 0 8	0	8
Can someone please let me know the step by step process of configuring the Splunk Universal Forwarder for Windows? I have some logs in my localhost which i need to push to Splunk using the forwarder. Please help. by anuj1630 New Member in Knowledge Management 08-01-2017 0 2	0	2
It is correct to back up all the buckets all days? hello everyone!! I have a customer that backup the whole buckets structure (hot-warm-cold) all days. (yes, its horri... by lightech1 Path Finder in Knowledge Management 08-01-2017 0 9	0	9
best practice multiple eventID 4624 for one logon Hi, i try to identify how often a user account was loged on. the problem is that the DC generates multible 4624 in v... by Aufex Explorer in Knowledge Management 08-01-2017 0 1	0	1
Search for data that has not been tagged I have just created 71 eventtypes and I want to see if I left any out. In each eventtype I gave it a tag. In the sear... by sarahw3 Explorer in Knowledge Management 07-31-2017 0 2	0	2