Knowledge Management

Ask a Question

Discussions

Thread Info

How do I get an existing index to freshly re-index the same data input directory

Hi, I accidentally truncated my index by dropping the index limit by 3 orders of magnitude. Instead of years of da...

by Engager in

Summary indexing not working

Hi, I have a job set up to create a summary index off the license data for longer term storage. The job ran, but m...

by Champion in

Can the scrub command be used to scrub only the driver license field from results?

I need to pass log data to another applications, but because of security concerns, I need to scrub only the driver li...

by Path Finder in

Backfill automated bash script timeout: Is there a best practice on how much data can be backfilled per thread/search?

I have created a bash script to assist with automation of backfilling missing data and to avoid overloading the serve...

by Explorer in

Issue with writing to an index

I have this convoluted dbquery for sccm and I've boiled it down to a time and a value in a table. The end of the s...

by Builder in

Eventtypes' numbers limits

Good Morning all, Anybody knows if exists a limit regarding the amount of eventtype I could set into splunk? I alr...

by Path Finder in

Summary Index Backfiller fill_summary_index.py broken? "No scheduled times for your time range"

Hi Fellow Splunkers, After having upgraded to 6.4.1 yesterday, I had a go with fill_summary_index.py again, and no...

by Path Finder in

Is it possible to modify an indexed event?

Is it possible to modify an indexed event? My company is using Splunk for detecting suspicious activities. One of the...

by New Member in

/apps/splunk/var/lib/splunk/kvstore/mongo - Why is this used?

Hi, I have came across this path /apps/splunk/var/lib/splunk/kvstore/mongo. I tried to understand why this is used...

by Path Finder in

Is it possible to use one field alias for multiple fields?

Hi, is it possible to use one field alias for multiple fields? For example I want to use field aliases to renam...

by Motivator in

what should an event look like? best practices, etc...

I've been asked to create my best case/wished-for Splunk event and our tech team will create it for me. I think I'm i...

by Path Finder in

Summary indexing

Hi According to this page http://docs.splunk.com/Documentation/Splunk/6.0.3/Knowledge/Usesummaryindexing stuff...

by Communicator in

Is it possible to saved data returned from a virtual index into another virtual index using the collect command?

Is it possible to save data returned from a virtual index into another virtual index using the collect command in Spl...

by Engager in

Summary Index getting populated with incorrect data

Hi, I am getting logs from 2 servers which is exactly same unless there is some failure. We have to group the events ...

by Explorer in

Disabling Welcome Screen

When you navigate to your Splunk webpage, you first come to a screen that checks for updates and then gives you the o...

by Explorer in

Is it possible to assign roles to only have access to certain summary indexes?

Greetings, I have read through the Knowledge Manager Manual on summary indexes, but am left with a question for my...

by Builder in

Does someone have a practical example on using the collect command?

I read the doc about the collect command. I understand how it works and what it does, but I wanted some practical exa...

by Path Finder in

Is it possible to create a summary index with Hunk?

Is it possible to create a summary index with Hunk? I'm also curious as to the implementation so that we can build it...

by Contributor in

Need assistance mapping fields in a PSV file that has no headers

Good morning. I have a file that looks like this: 2016-05-09 04:36:02,963[qtp789448364-261]|WARN|org.eclipse.jetty...

by Builder in

User Workflow in Splunk

Im hoping someone can help me out here? Apologies if I break any community rules - first post here! Trying to crea...

by New Member in

Is there an error in the "Creating Splunk Knowledge Objects" eLearning course?

Hello, I am currently following the "Creating Splunk Knowledge Objects" eLearning course but at one point, the tea...

by Contributor in

Eventtype vs. Saved Search

What is the difference between an “eventtype” and a “Saved Search”? While I know eventtypes can be entered right into...

by Legend in

Dashboard Statistics Table Not Showing

I am building a dashboard and I've been having an issue with presenting Statistics Tables on the dashboard while logg...

by Contributor in

How can I set KV store collection data for data type time, when using the REST API?

I am having trouble setting the value of a KV Store collection field of type time. Does anyone know the best way to d...

by New Member in

Overflow /opt/splunk/var/spool/splunk directory

Hello, We have overflow /opt/splunk/var/spool/splunk directory. It contains stash.new files from 2014 year to toda...

by Path Finder in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

How do I get an existing index to freshly re-index the same data input directory

Summary indexing not working

Can the scrub command be used to scrub only the driver license field from results?

Backfill automated bash script timeout: Is there a best practice on how much data can be backfilled per thread/search?

Issue with writing to an index

Eventtypes' numbers limits

Summary Index Backfiller fill_summary_index.py broken? "No scheduled times for your time range"

Is it possible to modify an indexed event?

/apps/splunk/var/lib/splunk/kvstore/mongo - Why is this used?

Is it possible to use one field alias for multiple fields?

what should an event look like? best practices, etc...

Summary indexing

Is it possible to saved data returned from a virtual index into another virtual index using the collect command?

Summary Index getting populated with incorrect data

Disabling Welcome Screen

Is it possible to assign roles to only have access to certain summary indexes?

Does someone have a practical example on using the collect command?

Is it possible to create a summary index with Hunk?

Need assistance mapping fields in a PSV file that has no headers

User Workflow in Splunk

Is there an error in the "Creating Splunk Knowledge Objects" eLearning course?

Eventtype vs. Saved Search

Dashboard Statistics Table Not Showing

How can I set KV store collection data for data type time, when using the REST API?

Overflow /opt/splunk/var/spool/splunk directory

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

TcpOutput persistent queue is available now

Persistent queue problems

Splunk could not get the description for this even...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...