Knowledge Management

Community Activity

Issues moving data from one index to another I was attempting to move events from one index to another using this command index=main host=gpm source=/var/log/gpm... by byu168 Path Finder in Knowledge Management 03-22-2017 0 4	0	4
Unix events shows upp in all events I have some different log sources that is being forwarded to a "main spunk server". There are some Linux servers that... by fisk12 Path Finder in Knowledge Management 03-16-2017 0 6	0	6
Would building more than one summary index suit the needs of my issue? Hi Everyone, i am getting some events from application those events are about the hospital claims. for ever... by prashanthberam Explorer in Knowledge Management 03-13-2017 0 4	0	4
How to apply "Event Actions" to multiple events simultaneously? If an event is expanded in Splunk, there is button 'Event Actions'. Its good and handy if I want to apply it on a sin... by kausar Path Finder in Knowledge Management 03-10-2017 0 1	0	1
What is the meaning of "probable_cause = eventtype" when using anomalydetection command? When using the anomalydetection command the probable cause being returned is eventtype? What does this mean? I beli... by evgiles New Member in Knowledge Management 03-09-2017 0 1	0	1
Summary search runs, has results, yet summary index remains empty This is the first time I'm setting up a summary search and I must be missing something. If I click "view recent" I c... by gabriel_vasseur Contributor in Knowledge Management 03-05-2017 0 10	0	10
How do I created a scheduled report using the collect command without populating it with partial data I'm just starting to get into summary indexes and changing over some reports that were previously long-running to use... by michaeltokar Explorer in Knowledge Management 03-05-2017 0 2	0	2
How do create indexed fields in a summary index? I'm populating a summary index with data that I would like to be able to search very quickly using tstats. I've got ... by Lowell Super Champion in Knowledge Management 03-05-2017 0 9	0	9
Accelerated report usage in other searches Hi , How can i use the accelerated report in other search .I mean by directly including the name like macro will be ... by umsundar2015 Path Finder in Knowledge Management 03-04-2017 0 3	0	3
Missing permissions in data model My Splunk instance is missing the full permissions options when attempting to edit permissions on a data model. In m... by ktneely New Member in Knowledge Management 03-04-2017 0 2	0	2
What are the best practices for indexing MASSIVE proxylogs? At my organization, we often need to research older information in massive proxylogs - about a billion records a day,... by DalJeanis Legend in Knowledge Management 03-03-2017 1 1	1	1
How do I bulk load a kvstore without having to have a curl command for each entry? I finally got my head wrapped around kvstore and how I can benefit from it. I have a bunch of data to load into a kvs... by brent_weaver Builder in Knowledge Management 03-01-2017 0 2	0	2
to list the tags pertaining to some name I'm trying to search tags created as "tag::source". This returns data: "tag::source"=$hostlabel$_* \| stats count by... by piyush_annadate New Member in Knowledge Management 03-01-2017 0 4	0	4
how to run splunk diag , and what to exclude from the diag Hi team , I want to run a diag , have seen documentation from http://docs.splunk.com/Documentation/Splunk/6.5.2/Trou... by Koushik_Katta Explorer in Knowledge Management 02-23-2017 0 3	0	3
We've been having issues with our DC's sending to much information across to Splunk. We are currently pulling windows security events from multiple Windows domain controllers and received issues with th... by rushmere New Member in Knowledge Management 02-21-2017 0 1	0	1
How do I obtain the MD5 hash for UF downloads? Splunk publishes the checksum for the MD5 hash via the downloads page for the particular download you requested. by sgarvin55 Splunk Employee in Knowledge Management 02-21-2017 1 1	1	1
Best practices for installing Splunk with a NAS Hey there I want to install Splunk (standalone) on one machine that's got a NAS drive mounted. I know best practices ... by olivier120987 New Member in Knowledge Management 02-21-2017 0 2	0	2
Splunk saving P98 into summary index as NOT a number Hello gents and ladies, I am trying to write response time P98 to summary index. I do: \| stats p98(response_time) an... by silversson New Member in Knowledge Management 02-20-2017 0 3	0	3
what directory to run rpm -e command from? I've tried where I've installed from, where I've installed splunk, but none seem to work. It keeps telling me it isn'... by TimEek Path Finder in Knowledge Management 02-16-2017 0 2	0	2
How to know the user role in splunk How can I know if I am just a normal user or Power user of the splunk i am using in my department without asking in p... by pradjswl Explorer in Knowledge Management 02-13-2017 1 8	1	8
Which macro instance Splunk runs? Suppose I have 3 macros of the same name, one defined for user admin, other for application MyApp and the third one ... by mdzmuran Observer in Knowledge Management 02-10-2017 0 4	0	4
How can I create a Macro with multiple arguments? Hi I want to create a macro with at least 1 argument and maximum 20 arguments. So I created 20 macros. (See example ... by raymondc Engager in Knowledge Management 02-09-2017 0 1	0	1
Sending alert if summary index fails I have a scheduled search running every night to populate a summary index. This works well, but sometimes no data is... by richgalloway SplunkTrust in Knowledge Management 02-09-2017 1 2	1	2
Sorting results by time when an event was tagged I collect data over a period of time and one in the team can add a tag to collected events; and some of the events we... by cr019283 New Member in Knowledge Management 02-08-2017 0 3	0	3
Why am I getting data model acceleration error "Failed to contact the server endpoint https://127.0.0.1:8089 from touchSummary()" in Hunk 6.4? Hi All I work with Hunk 6.4 and I have an error message in splunkd.log when a Data Model is accelerating. ERROR Tsi... by tony_alibelli New Member in Knowledge Management 02-08-2017 0 3	0	3