Knowledge Management

Discussions

Thread Info

Why is tag creation not working, but the field/value pair is working?

Hi Splunkers, I have this search host=slc-p-cv01 sourcetype=csv that returns what I expect. I am trying to make...

by Communicator in

What does "OAP" stand for?

I am a contractor for USPS. My role is project manager for IV and I am writing a paper on Splunk. The diagrams list "...

by New Member in

Resources to learn about statistics used in Splunk

I have a technical and mainly a security/SIEM background. So I have no issues with understanding the SPL language in ...

by New Member in

How to create a summary index to use for a search scheduled every 15 minutes, and return events from the last 24 hours?

I have created one summary index for a scheduled search that runs every 15 minutes, but I did not specify any time ra...

by Explorer in

What is the best way to assign multiple eventtypes to a field from a comma-separated list?

Our input data has a field named conditions, which is comma-separated list. We wanted to assign eventtypes to the eve...

by Builder in

Is there a Splunk functional test plan that I can run to make sure Splunk is working correctly?

Splunk Enterprise is implemented, but we would like to do testing just to make sure everything is working correctly. ...

by New Member in

Is it possible to pass "CUSTOM_URL" variable into workflow_actions.conf?

Hi all - I am building a Splunk App and have run into something I've never needed to do before... During app s...

by Contributor in

Is it possible to namespace fields to a specific index?

I am new to Splunk but i have a search query that queries more than 1 index and each index has unique fields on it. I...

by New Member in

The summary index exists, but why is the collect command not populating it with any data?

Hello Team, I am using the search below: index="existing_index" |fields field1,field2| collect index="new_index...

by New Member in

How to parametrize my search?

Hi, Can we parametrize the splunk queries? Here is the query and i want to parameterize the "-7". index=xyz sou...

by New Member in

How to specify a value in one place and use it in several searches?

I have several saved searches that contain where vehicle_distance<=100. I want to make the value of 100 tunable in on...

by Splunk Employee in

What are ways to clean up log files which are already indexed?

Hi, we have a forwarder installed in different VM's and have log files like 2016-11-01 to 2016-11-21 and all them are...

by Communicator in

splunk data model acceleration??

For example, I have accelerated the network_traffic model. The index name was network. I know that the method I...

by Path Finder in

How to best use Splunk for analyzing logs collected from Android devices?

Hi, Is there a meaningful way of using Splunk for analyzing the logs collected from Android Devices? Android logg...

by New Member in

Why does alias not always work as expected?

In my Results, for each event, I can only get field A OR field B. I created two aliases: A=C, B=C So each event shoul...

by New Member in

Why does coalesce command work in one calculated field search but not another?

Hi, First time poster. I've combed the Splunk>Answers for something related but I can't find out why coalesce work...

by Communicator in

how long does it take to repair index

is there some way to see how long does it take to repair index? Lets say for some reason the system crashed and the S...

by Explorer in

How to move knowledge objects in bulk to another app?

Any ideas on how this can be achieved? The majority of objects reside in the search app. We are getting people used t...

by Path Finder in

How do you do URL domain analysis with the Web datamodel?

I wold like to count URL domains for sites categorized as phishing or malware. The closest that I know how to do this...

by Builder in

If my index is set for 30 day retention, is it possible to have an accelerated data model for a longer period of time?

If my index is set for 30 day retention, is it possible to have a data model summary for a longer period? Is the data...

by Path Finder in

What are the main capabilities offered via Splunks API

hi guys, What are the main capabilities offered via Splunks API? and which parts of the API support extension ...

by New Member in

How to delete repeat events that upload files automatically?

How to delete repeat events that upload files automatically? When I forward files to splunk automatically, it has som...

by New Member in

summary indexing, "si-" commands

Hi! I am building up summary indexing for my reports, and while everything is working fine, I have some questions:...

by Contributor in

Splunk Rules / Enable

Please elaborate on .....is what makes up the rule and how is it enabled in Splunk? Thanks RB

by New Member in

What is the best practice for installing and managing apps in a distributed environment?

We have Splunk installation in a distributed environment with search head clustering and indexer clustering enabled a...

by Contributor in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

Why is tag creation not working, but the field/value pair is working?

What does "OAP" stand for?

Resources to learn about statistics used in Splunk

How to create a summary index to use for a search scheduled every 15 minutes, and return events from the last 24 hours?

What is the best way to assign multiple eventtypes to a field from a comma-separated list?

Is there a Splunk functional test plan that I can run to make sure Splunk is working correctly?

Is it possible to pass "CUSTOM_URL" variable into workflow_actions.conf?

Is it possible to namespace fields to a specific index?

The summary index exists, but why is the collect command not populating it with any data?

How to parametrize my search?

How to specify a value in one place and use it in several searches?

What are ways to clean up log files which are already indexed?

splunk data model acceleration??

How to best use Splunk for analyzing logs collected from Android devices?

Why does alias not always work as expected?

Why does coalesce command work in one calculated field search but not another?

how long does it take to repair index

How to move knowledge objects in bulk to another app?

How do you do URL domain analysis with the Web datamodel?

If my index is set for 30 day retention, is it possible to have an accelerated data model for a longer period of time?

What are the main capabilities offered via Splunks API

How to delete repeat events that upload files automatically?

summary indexing, "si-" commands

Splunk Rules / Enable

What is the best practice for installing and managing apps in a distributed environment?

Can’t make it to .conf25? Join us online!

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!