Knowledge Management

Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
Adam_Sealey

Can eventtypes contain macro references

I'm working on an app, and have defined various macros to allow easier customization. An example of my macros.conf [...
by Adam_Sealey Explorer in Knowledge Management 12-30-2016
1 7
1
7
TiagoTLD1

How to combine two accelerated saved searches to access the summary indexes of both searches?

Hello, I have two searches, A and B, and they are accelerated. When I run A or B separately, job inspector shows th...
by TiagoTLD1 Communicator in Knowledge Management 12-28-2016
0 9
0
9
HCadmins

Why is tag creation not working, but the field/value pair is working?

Hi Splunkers, I have this search host=slc-p-cv01 sourcetype=csv that returns what I expect. I am trying to make a t...
by HCadmins Communicator in Knowledge Management 12-22-2016
0 6
0
6
tjcooney2

What does "OAP" stand for?

I am a contractor for USPS. My role is project manager for IV and I am writing a paper on Splunk. The diagrams list ...
by tjcooney2 New Member in Knowledge Management 12-22-2016
0 2
0
2
certifsan

Resources to learn about statistics used in Splunk

I have a technical and mainly a security/SIEM background. So I have no issues with understanding the SPL language in ...
by certifsan New Member in Knowledge Management 12-21-2016
0 7
0
7
prashanthberam

How to create a summary index to use for a search scheduled every 15 minutes, and return events from the last 24 hours?

I have created one summary index for a scheduled search that runs every 15 minutes, but I did not specify any time ra...
by prashanthberam Explorer in Knowledge Management 12-17-2016
0 10
0
10
arkadyz1

What is the best way to assign multiple eventtypes to a field from a comma-separated list?

Our input data has a field named conditions, which is comma-separated list. We wanted to assign eventtypes to the eve...
by arkadyz1 Builder in Knowledge Management 12-15-2016
0 1
0
1
schmancy77

Is there a Splunk functional test plan that I can run to make sure Splunk is working correctly?

Splunk Enterprise is implemented, but we would like to do testing just to make sure everything is working correctly....
by schmancy77 New Member in Knowledge Management 12-07-2016
0 1
0
1
himynamesdave

Is it possible to pass "CUSTOM_URL" variable into workflow_actions.conf?

Hi all - I am building a Splunk App and have run into something I've never needed to do before... During app setup...
by himynamesdave Contributor in Knowledge Management 12-07-2016
0 3
0
3
tragiccode

Is it possible to namespace fields to a specific index?

I am new to Splunk but i have a search query that queries more than 1 index and each index has unique fields on it. ...
by tragiccode New Member in Knowledge Management 12-06-2016
0 3
0
3
manisha_maxonic

The summary index exists, but why is the collect command not populating it with any data?

Hello Team, I am using the search below: index="existing_index" |fields field1,field2| collect index="new_index" ...
by manisha_maxonic New Member in Knowledge Management 12-05-2016
0 3
0
3
sramya1234

How to parametrize my search?

Hi, Can we parametrize the splunk queries? Here is the query and i want to parameterize the "-7". index=xyz sourcet...
by sramya1234 New Member in Knowledge Management 11-29-2016
0 2
0
2
plucas_splunk

How to specify a value in one place and use it in several searches?

I have several saved searches that contain where vehicle_distance<=100. I want to make the value of 100 tunable in on...
by plucas_splunk Splunk Employee Splunk Employee in Knowledge Management 11-25-2016
0 3
0
3
rajgowd1

What are ways to clean up log files which are already indexed?

Hi, we have a forwarder installed in different VM's and have log files like 2016-11-01 to 2016-11-21 and all them are...
by rajgowd1 Communicator in Knowledge Management 11-21-2016
0 3
0
3
kedjjang

splunk data model acceleration??

For example, I have accelerated the network_traffic model. The index name was network. I know that the method I kno...
by kedjjang Path Finder in Knowledge Management 11-21-2016
0 1
0
1
gvc678

How to best use Splunk for analyzing logs collected from Android devices?

Hi, Is there a meaningful way of using Splunk for analyzing the logs collected from Android Devices? Android loggin...
by gvc678 New Member in Knowledge Management 11-17-2016
0 1
0
1
marcus_doron

Why does alias not always work as expected?

In my Results, for each event, I can only get field A OR field B. I created two aliases: A=C, B=C So each event shou...
by marcus_doron New Member in Knowledge Management 11-15-2016
0 1
0
1
_jgpm_

Why does coalesce command work in one calculated field search but not another?

Hi, First time poster. I've combed the Splunk>Answers for something related but I can't find out why coalesce works ...
by _jgpm_ Communicator in Knowledge Management 11-14-2016
0 5
0
5
lu

how long does it take to repair index

is there some way to see how long does it take to repair index? Lets say for some reason the system crashed and the S...
by lu Explorer in Knowledge Management 11-12-2016
0 4
0
4
nwales

How to move knowledge objects in bulk to another app?

Any ideas on how this can be achieved? The majority of objects reside in the search app. We are getting people used t...
by nwales Path Finder in Knowledge Management 11-09-2016
1 4
1
4
MonkeyK

How do you do URL domain analysis with the Web datamodel?

I wold like to count URL domains for sites categorized as phishing or malware. The closest that I know how to do th...
by MonkeyK Builder in Knowledge Management 11-08-2016
0 2
0
2
pmeyerson

If my index is set for 30 day retention, is it possible to have an accelerated data model for a longer period of time?

If my index is set for 30 day retention, is it possible to have a data model summary for a longer period? Is the dat...
by pmeyerson Path Finder in Knowledge Management 11-08-2016
0 1
0
1
dave_smith

What are the main capabilities offered via Splunks API

hi guys, What are the main capabilities offered via Splunks API? and which parts of the API support extension to t...
by dave_smith New Member in Knowledge Management 11-07-2016
0 3
0
3
zhimeng_yu1506

How to delete repeat events that upload files automatically?

How to delete repeat events that upload files automatically? When I forward files to splunk automatically, it has so...
by zhimeng_yu1506 New Member in Knowledge Management 11-05-2016
0 3
0
3
guilhem

summary indexing, "si-" commands

Hi! I am building up summary indexing for my reports, and while everything is working fine, I have some questions: ...
by guilhem Contributor in Knowledge Management 11-03-2016
3 4
3
4
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...