Knowledge Management

Ask a Question

Discussions

Thread Info

How to pass token form one text box to another text box?

Hi, I have two text boxes textbox1 with token name 'texttok' and textbox2 with token name 'cputok' Now, i w...

by Explorer in

Peer index without configuring master node

Hello , I have 4 VMs for splunk index peering setup, out of which i will use 1 vm for Splunk License manage, 1 for...

by Explorer in

Macros using data from search

Seems like a pretty simple thing I am trying to do but it wont work. I have some bitwise data which I want to conv...

by Builder in

Is there more information about how to take advantage of an education credit announced at .conf2016 keynote?

Hi, Just started using Splunk and attended conf 2016. Wondering how I would go about taking advantage of $5,000 ed...

by Engager in

fill_summary_index dedup issue

We are trying to use the fill_summary_index.py script to backfill times when the data isn't populated. I am finding t...

by Path Finder in

diff between same field between two iterations

Hi, I have the below sample data collected after process and using table command every 24 hours. for each time, db...

by New Member in

Best practices for writing log files that have variable number of fields

We are writing our own logs for disk usage and we are using key value pairs. The issue is that each host has a differ...

by SplunkTrust in

How to NOT open a new window when executing a workflow action?

Hello All, I would like to execute a workflow action and NOT open a new window OR same window. Does anyone have an...

by Path Finder in

What are some types of data which will not load with default settings?

I'm currently preparing for the Splunk Custom Data Load for completion of the Sales Engineer 2 certification. The dir...

by Engager in

how do you configure the search head so it sends 2 summary index data to 2 separate indexer

I have a problem with the configuration/definition of 2 separate summary indexes for storing data on to 2 separate in...

by New Member in

Is it possible to pass an event field as an argument to a macro?

Hello Fellow Splunkers, This is a question about Macros in Splunk. I was wondering if its even possible to pass field...

by Explorer in

Macro with validation isnum() does not work even if the input argument is numeric

I followed steps similar to isnum() validation to be applied on macro input argument defined on http://docs.splunk.co...

by Legend in

Macro Validation Expression Error?

I made a macro, we'll call it "test" defined as eval new_rate=$val$*$rate$ with the validation expression jus...

by Splunk Employee in

Is there a way to save sparkline data to a summary index?

Hello all, I have created a daily search search that returns summarized rows of data, including a sparkline that ...

by Contributor in

Why is my macro returning error "expected to be an eval expression that returns a string." with my current definition?

Tried many variations (enclosing arg in quotes, $, and backslash) and got many errors - mostly "expected to be an eva...

by Communicator in

How to create a search for a macro that finds events closest to a specified time?

I am attempting to create a macro that allows searchers to pass a specific time into a search command that will locat...

by Explorer in

Why is the Kvstore start failing in Splunk Version 6.5.1?

Issue: I have Splunk version 6.5.1 and it fails to start the Kvstore. The mongod.log has errors like below 2016-12...

by Splunk Employee in

Best method for working with a large SQL table?

I'm new to DB Connect and just as inexperienced with SQL, but was tasked with getting some table data in to build a f...

by Path Finder in

Reducing logs redundancy

Hi, In my project we are using Splunk mainly for performance monitoring of application and we have created a dedic...

by Path Finder in

What is splunk gold image??

I'm trying to get the more information on creating a splunk gold image for my work splunk infrastructure, give me any...

by New Member in

Selective forwarding and summary searches - any issues?

Hello, I'm experimenting with some selective forwarding and it's mostly working - I can index locally, forward and co...

by Builder in

server tags

Hi everyone I have four server. two are web portal and two are application servers. all four servers belongs to one o...

by Communicator in

How can we decide the syslog servers requirements?

What are all the major considerations we need to have while designing the syslog servers. How can we decide the serve...

by New Member in

How to do groupBy based on a field and select the ones when occurrence of a word inside the grouped By values is greater than 2

Hi, I have a requirement where I have to do a group by initially and from the groupBy values perform a search operati...

by New Member in

Can eventtypes contain macro references

I'm working on an app, and have defined various macros to allow easier customization. An example of my macros.conf ...

by Explorer in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

How to pass token form one text box to another text box?

Peer index without configuring master node

Macros using data from search

Is there more information about how to take advantage of an education credit announced at .conf2016 keynote?

fill_summary_index dedup issue

diff between same field between two iterations

Best practices for writing log files that have variable number of fields

How to NOT open a new window when executing a workflow action?

What are some types of data which will not load with default settings?

how do you configure the search head so it sends 2 summary index data to 2 separate indexer

Is it possible to pass an event field as an argument to a macro?

Macro with validation isnum() does not work even if the input argument is numeric

Macro Validation Expression Error?

Is there a way to save sparkline data to a summary index?

Why is my macro returning error "expected to be an eval expression that returns a string." with my current definition?

How to create a search for a macro that finds events closest to a specified time?

Why is the Kvstore start failing in Splunk Version 6.5.1?

Best method for working with a large SQL table?

Reducing logs redundancy

What is splunk gold image??

Selective forwarding and summary searches - any issues?

server tags

How can we decide the syslog servers requirements?

How to do groupBy based on a field and select the ones when occurrence of a word inside the grouped By values is greater than 2

Can eventtypes contain macro references

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions