Knowledge Management

Community Activity

/apps/splunk/var/lib/splunk/kvstore/mongo - Why is this used? Hi, I have came across this path /apps/splunk/var/lib/splunk/kvstore/mongo. I tried to understand why this is used, ... by saifuddin9122 Path Finder in Knowledge Management 06-09-2016 0 5	0	5
Is it possible to use one field alias for multiple fields? Hi, is it possible to use one field alias for multiple fields? For example I want to use field aliases to rename th... by HeinzWaescher Motivator in Knowledge Management 06-07-2016 1 6	1	6
what should an event look like? best practices, etc... I've been asked to create my best case/wished-for Splunk event and our tech team will create it for me. I think I'm i... by ra01 Path Finder in Knowledge Management 06-07-2016 0 2	0	2
Summary indexing Hi According to this page http://docs.splunk.com/Documentation/Splunk/6.0.3/Knowledge/Usesummaryindexing stuff tha... by flo_cognosec Communicator in Knowledge Management 06-06-2016 0 9	0	9
Is it possible to saved data returned from a virtual index into another virtual index using the collect command? Is it possible to save data returned from a virtual index into another virtual index using the collect command in Spl... by aaron_harris Engager in Knowledge Management 06-06-2016 0 1	0	1
Summary Index getting populated with incorrect data Hi, I am getting logs from 2 servers which is exactly same unless there is some failure. We have to group the events ... by Roopaul Explorer in Knowledge Management 06-03-2016 0 4	0	4
Disabling Welcome Screen When you navigate to your Splunk webpage, you first come to a screen that checks for updates and then gives you the o... by jkfierro Explorer in Knowledge Management 05-26-2016 3 6	3	6
Is it possible to assign roles to only have access to certain summary indexes? Greetings, I have read through the Knowledge Manager Manual on summary indexes, but am left with a question for my u... by ccsfdave Builder in Knowledge Management 05-18-2016 0 2	0	2
Does someone have a practical example on using the collect command? I read the doc about the collect command. I understand how it works and what it does, but I wanted some practical exa... by renanprado96 Path Finder in Knowledge Management 05-13-2016 0 3	0	3
Is it possible to create a summary index with Hunk? Is it possible to create a summary index with Hunk? I'm also curious as to the implementation so that we can build i... by jaredlaney Contributor in Knowledge Management 05-12-2016 0 4	0	4
Need assistance mapping fields in a PSV file that has no headers Good morning. I have a file that looks like this: 2016-05-09 04:36:02,963[qtp789448364-261]\|WARN\|org.eclipse.jetty.i... by brent_weaver Builder in Knowledge Management 05-09-2016 0 4	0	4
User Workflow in Splunk Im hoping someone can help me out here? Apologies if I break any community rules - first post here! Trying to creat... by chrisnewmanuk New Member in Knowledge Management 05-08-2016 0 2	0	2
Is there an error in the "Creating Splunk Knowledge Objects" eLearning course? Hello, I am currently following the "Creating Splunk Knowledge Objects" eLearning course but at one point, the teach... by ctaf Contributor in Knowledge Management 05-06-2016 1 4	1	4
Eventtype vs. Saved Search What is the difference between an “eventtype” and a “Saved Search”? While I know eventtypes can be entered right int... by lguinn2 Legend in Knowledge Management 05-06-2016 10 4	10	4
Dashboard Statistics Table Not Showing I am building a dashboard and I've been having an issue with presenting Statistics Tables on the dashboard while logg... by daniel_augustyn Contributor in Knowledge Management 05-04-2016 0 15	0	15
How can I set KV store collection data for data type time, when using the REST API? I am having trouble setting the value of a KV Store collection field of type time. Does anyone know the best way to d... by danrb1978 New Member in Knowledge Management 04-28-2016 0 1	0	1
Overflow /opt/splunk/var/spool/splunk directory Hello, We have overflow /opt/splunk/var/spool/splunk directory. It contains stash.new files from 2014 year to today.... by vryzhko Path Finder in Knowledge Management 04-27-2016 0 1	0	1
workflow action not working in dashboard My workflow actions do not show up in the pulldown next to the event within dashboard? What do I need to change to g... by mcbradford Contributor in Knowledge Management 04-27-2016 1 2	1	2
I have a summary index to run every 24 hours, but the data does not get refreshed. How can I automatically clean the old index? I want to load the data every 2 weeks, but clean out the old data before running the summary index again? by dcrooks_us Explorer in Knowledge Management 04-25-2016 0 1	0	1
splunk clean all problem I have been trying to wipe out an eval instance of splunk to start again, but I keep getting errors. I then upgraded ... by gjohnson New Member in Knowledge Management 04-21-2016 0 3	0	3
How to load scheduled real time search using their search id or search name? HI, We are looking to enhance our real time dashboard performance, in away of that we have scheduled real time searc... by splunker9999 Path Finder in Knowledge Management 04-21-2016 0 2	0	2
How to restore archived logs Hi all , I have configured Splunk buckets to archive indexed logs after 1 month. I will store the archived logs in t... by lohit Path Finder in Knowledge Management 04-21-2016 0 2	0	2
Is it possible to limit a role to only have the capability of deleting data for summary indexes? I want to provide some users only the right to delete data for the summary index. Is it possible? From my understa... by qlan New Member in Knowledge Management 04-20-2016 0 1	0	1
How can I move logs from one index to another? We recently moved several different logs that were in the "main" index to a newly-created index in order to organize ... by rharden New Member in Knowledge Management 04-15-2016 0 3	0	3
KVStore with replication setup I have 2 indexers and 1 search head. i migrated from splunk 5 to 6 and had some difficulty with realtime alerts and ... by gdavid Path Finder in Knowledge Management 04-13-2016 2 5	2	5