Knowledge Management

Community Activity

Splunk Rules / Enable Please elaborate on .....is what makes up the rule and how is it enabled in Splunk? Thanks RB by Munda9021 New Member in Knowledge Management 11-02-2016 0 6	0	6
What is the best practice for installing and managing apps in a distributed environment? We have Splunk installation in a distributed environment with search head clustering and indexer clustering enabled a... by jagadeeshm Contributor in Knowledge Management 10-31-2016 0 10	0	10
Question about fixing data in a summary search We have a summary search that runs every hour. I have read about the fill_summary_index.py What i want to know is h... by burwell SplunkTrust in Knowledge Management 10-26-2016 0 6	0	6
In order to retain a small subset of events for a longer retention period, is it possible to have events copied to two indexes at index time? I have a need to retain a small subset of events in an index for a longer retention period. I have all the Windows Ev... by andrewgarvin New Member in Knowledge Management 10-18-2016 0 2	0	2
Exceptions count different when compared to creating event types Hi I am a new to splunk and need help with a query: index=abc exception \| rex ".?(?(?:\w+.)+\w*?Exception)."\| stats ... by girishgene07 New Member in Knowledge Management 10-18-2016 0 1	0	1
How do I recover the data from the backed up kvstore folders/files and append it to the already accumulating data in my several KV Stores? I was able to use the following "Answers" post to get my three member SHC KV Store up and running again: https://ans... by mdwecht Path Finder in Knowledge Management 10-16-2016 0 4	0	4
Is Splunk good for storing audit logs? We have SAAS solution and we want to store system's audit logs to Splunk, an example is we provide WebHooks to our cu... by govindmalviya19 New Member in Knowledge Management 10-14-2016 0 1	0	1
Clarification on indexer retention The documentation on this topic is not clear, so I am hoping someone can answer this for me. I need to keep data for... by mcbradford Contributor in Knowledge Management 10-14-2016 0 2	0	2
Possible to create search macro using Arguments for a user list? I have a search that references 80 users in username field: index=abc EventID=4625 (username=abc OR username=def OR ... by jwalzerpitt Influencer in Knowledge Management 10-13-2016 0 11	0	11
I have a saved search scheduled to write to a summary index. How do I clear the summary index each time before the saved search is run again? I have a saved search cron-scheduled to run every hour. This will write to a summary index each time. I want to clear... by teekayx Path Finder in Knowledge Management 10-13-2016 0 3	0	3
Confused with the usage of si-commands I'm trying to dig deeper into summary indexing, but at this point I feel a bit confused. What I did so far is: - crea... by szabados Communicator in Knowledge Management 10-11-2016 0 5	0	5
What is the use for these bundle directories? Hello, I am working with a full distributed architecture: Deployement server, multi-site index cluster, search head ... by ctaf Contributor in Knowledge Management 10-04-2016 0 6	0	6
How can i filter columns based on other column value Hi, I have a created a table with columns A and B, we are using KV store to get the threshold config data and KV Sto... by jvishwak Path Finder in Knowledge Management 10-03-2016 0 3	0	3
Difference between eventgen and SA-eventgen? I am familier with the eventgen but does eventgen app and sa-eventgen are same or does they different? I'm just curio... by pavanae Builder in Knowledge Management 10-02-2016 0 1	0	1
Calculated field not showing up I created a calculated field in one sourcetype and cloned it to another sourcetype. However the other one is not show... by ashishlal82 Explorer in Knowledge Management 09-27-2016 0 4	0	4
SPLUNK doesn't pick same content with different file name. Hello, I want to monitor multiple files which contain same content but different file name. For example: counts_sy... by AKG1_old1 Builder in Knowledge Management 09-27-2016 0 1	0	1
Splunk Calculated fields Hi, I may be looking in the wrong place, but I am not able to find out information on how to use a few calculated fi... by namritha Path Finder in Knowledge Management 09-25-2016 0 2	0	2
How to write to kvstore with java sdk? We are trying to inject JSON directly into our KV Store instance while using a defined _key inside the JSON object. ... by organus Explorer in Knowledge Management 09-23-2016 0 1	0	1
Splunk Cumulative Raw Data Size vs Index Disk Usage Hi, Can someone clarify the difference between the cumulative raw data size found in the cluster settings on a splun... by crsciarri Engager in Knowledge Management 09-23-2016 1 2	1	2
Spunk forwarder scalability I'm considering usage of splunk-forwarder to integrate a system that generates many small files that contain log mess... by dimitarvalov Engager in Knowledge Management 09-21-2016 0 1	0	1
How do I close 'My Investigations' after I am done with notable events? I can see where we can create 'New Investigations', track or manage current investigations, delete or edit or remove ... by eliyyah Explorer in Knowledge Management 09-20-2016 0 3	0	3
Why can't you use a wildcard when searching for tags (tag=)? I've always known that you can't search tag= but I never knew why. Maybe the old-time splunkers can elighten me? by fmarquez-miles_ Splunk Employee in Knowledge Management 09-16-2016 0 1	0	1
Double backslash in a field value becomes single backslash in accelerated data model. How to retain the original field data with two backslashes? One of our fields stores the name of a Windows UNC path, e.g.: \\server\share (two backslashes followed by server ... by helge Builder in Knowledge Management 09-16-2016 0 2	0	2
Why indexing removes carriage return characters (0x0d)? Example data in a file which should become a multi line event: 111111 222222 Both lines end with CR+LF (0x0d+0x0a), ... by hannus Explorer in Knowledge Management 09-16-2016 0 10	0	10
How can I use the result table's value of the timechart My search: \|timechart span=1s sum(bit) by dst Result table: _time,1.1.1.1,2.2.2.2,3.3.3.3 090000,300,300,300 09000... by i111040d New Member in Knowledge Management 09-16-2016 0 4	0	4