Knowledge Management

Community Activity

How can I use the result table's value of the timechart My search: \|timechart span=1s sum(bit) by dst Result table: _time,1.1.1.1,2.2.2.2,3.3.3.3 090000,300,300,300 09000... by i111040d New Member in Knowledge Management 09-16-2016 0 4	0	4
How to update events with new key/value pairs on a per event basis? Hi Splunkers, I was wondering if someone could shed some insight on whether this is even possible with Splunk, if so... by splunker1981 Path Finder in Knowledge Management 09-15-2016 0 3	0	3
How to and where can I add the timeformat string to a saved macro? Splunk version: 6.4 Localization specifier in the URL : en_US search 1: earliest="01/08/2016:00:00:01" latest="01... by pavanae Builder in Knowledge Management 09-14-2016 0 3	0	3
Solve the scenario by creating a macro or through macros.conf? when any splunk search runs with the word "getABCsWin"(in any dashboard or alert etc etc). I want the string timeform... by pavanae Builder in Knowledge Management 09-13-2016 0 2	0	2
New ports open in Splunk 6, how are they utilized? At the "About upgrading to 6.2 - READ THIS FIRST" page, it states: "This opens two network ports by default on the lo... by pkhalsa New Member in Knowledge Management 09-13-2016 0 5	0	5
What is the purpose of macros.conf, and what is the path for it? What is macros.conf and what is its use? What could be the path for macros.conf? by pavanae Builder in Knowledge Management 09-12-2016 0 1	0	1
Can I have multiple searches collecting (using the collect command) to the same index? Can I have multiple searches collecting (using the collect command) to the same index? The number of searches can be ... by mIliofotou_splu Splunk Employee in Knowledge Management 09-09-2016 0 4	0	4
Too complex for tags? I want to create a tag that involves two extracted fields and a combination of AND/OR statements, see example below. ... by jedatt01 Builder in Knowledge Management 09-09-2016 0 2	0	2
What are best practices for handling data in a Splunk staging environment that needs to go to production? All, We use a Splunk staging environment to test system upgrades and fine-tune props and transforms before deployin... by jtacy Builder in Knowledge Management 09-08-2016 0 11	0	11
How can I periodically update KV store collection programmatically from TA input? Up till now, I am using csv file lookup. An input runs every day, and updates this CSV file. This must happen in orde... by prabhasgupte Communicator in Knowledge Management 09-07-2016 0 1	0	1
How can we change SPLUNK web url? Hello guys, I want to change the web url of splunk server so server name is invisible from end users. Bydefault, we... by AKG1_old1 Builder in Knowledge Management 09-06-2016 0 1	0	1
doing a summary index - getting started - my first time I have a search ...\|timechart span=d sum(kpi1) sum(kpi2) max(kpi3) max(kpi4) \| foreach * [eval <<FIELD>>=round('<<... by HattrickNZ Motivator in Knowledge Management 09-05-2016 1 5	1	5
Eventtype style color only displays while in current session I created 3 eventtypes, at creation I chose a different color for each one. Everything worked fine, colors were disp... by g038123 Explorer in Knowledge Management 09-02-2016 0 2	0	2
How to enable Activity > System Activity in Splunk 6.4.1? In Splunk 6.3.3, I saw the Activity > System activity. Documents says in 6.4.1, 6.4.2, 6.4.3 also has Activity, but I... by dpraveen88 Explorer in Knowledge Management 08-31-2016 1 1	1	1
What is the CLI syntax for issuing command non interactively? (without being prompted for a user/password) I am looking for something like ./bin/splunk list indexes -username me -Password MyPassword by MikeDoingSplunk New Member in Knowledge Management 08-31-2016 0 1	0	1
Routing summary indexes to specific indexer based on summary index name Hi, Could anyone help me with configuration for the following? summary indexes created on search head layer to inde... by melonman Motivator in Knowledge Management 08-30-2016 0 4	0	4
How can i know the owner of Lookup that are created in Lists and Lookups? How can i know the owner of Lookup that are created in Lists and Lookups? by amitpanjawani Explorer in Knowledge Management 08-25-2016 0 2	0	2
Is there any way to do calculated fields before search time? I was using calculated fields, but then I started reading the documentation and saw that calculated fields are done d... by ayusuf Engager in Knowledge Management 08-15-2016 0 4	0	4
How to troubleshoot an indexer not rejoining cluster after OS rebuild and data restore of /opt/splunk/ and /var/opt/splunk? We recently had an issue with one of our indexers. We had to do a restore of /opt/splunk and /var/opt/splunk after r... by M2016G0216 Explorer in Knowledge Management 08-15-2016 0 1	0	1
Can you show me how to setup IP GEO lookup workflow action Hi guys, i am learning splunk , and working my way through Workflow action, i have a dataset which has a clientip fie... by thakarpratik Engager in Knowledge Management 08-12-2016 0 3	0	3
Data Model Query Dear Experts, Kindly help to modify Query on Data Model, I have built the query. \| tstats summariesonly dc(All_T... by sumitkathpal Explorer in Knowledge Management 08-12-2016 1 3	1	3
How to reset the lookup file every 15 minutes? I have multiple search queries and when it gets executed the results are stored in csv file using the command "\| inpu... by ariyazudeen New Member in Knowledge Management 08-10-2016 0 5	0	5
What is props.conf in splunk? Hey, Fellow Splunkers I'm fairly new to Splunk, I was wandering what exactly is the props.conf?, Where is it located... by asarran Path Finder in Knowledge Management 08-10-2016 1 6	1	6
How can I use sed in Restrict search terms to sanitize on search I have a task to sanitize output of the search for certain users. The data were indexed without sanitation and I cant... by buckiboy New Member in Knowledge Management 08-10-2016 0 3	0	3
Schedule automatic summary backfill? I'd like to have summary backfill run on a scheduled basis to fill in the gaps automatically. I'd probably run this... by the_wolverine Champion in Knowledge Management 08-10-2016 1 2	1	2