Knowledge Management

Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
the_wolverine

BUG: Why are my summary searches being re-run occasionally?

Slightly different issue -- I have scheduled searches that work correctly but occasionally they get rescheduled (run ...
by the_wolverine Champion in Knowledge Management 02-25-2016
0 1
0
1
dsollen

Can a search macro have a default value for a parameter?

The question statement says it all. I was wondering if I can create search macro where some of the fields are predef...
by dsollen Explorer in Knowledge Management 02-25-2016
2 1
2
1
syjayaraj

how to delete uploaded csv file

Hello Team, I added an csv file using add data, I do not know how to delete it, could some help on this. and where th...
by syjayaraj Explorer in Knowledge Management 02-25-2016
1 6
1
6
dmacgillivray

Can a scheduled report push data to a web server?

Hello Splunk, I have a question about the process for web hooks. Looks like it is asynchronous, but can it push data...
by dmacgillivray Communicator in Knowledge Management 02-22-2016
0 2
0
2
rjthibod

Defining summary indexes in indexes.conf in a distributed/cluster environment

My app includes the definition of a summary index in indexes.conf. When I am providing a copy of the app for cluster...
by rjthibod Champion in Knowledge Management 02-21-2016
0 4
0
4
dsollen

Create a summary index that creates fields for each result per day

I have data coming in which can roughly be looked at as having four fields Timestamp, source, flag, count What I w...
by dsollen Explorer in Knowledge Management 02-18-2016
0 5
0
5
wanling

rebuild statistics to summary index due to network disruption

I encountered an issue in our splunk environment. The network connection between the forwarders and splunk indexer wa...
by wanling Path Finder in Knowledge Management 02-11-2016
1 4
1
4
max_szulc

Is it possible to alias an index name?

Is it possible in Splunk Enterprise to alias index name (for purposes of an app, so that one doesn't have to modify t...
by max_szulc New Member in Knowledge Management 02-05-2016
0 8
0
8
adamblock2

How to use tags to identify complete subnets?

I am curious whether tags can be used to identify complete subnets. For example, I would like to assign the tag name...
by adamblock2 Path Finder in Knowledge Management 02-02-2016
0 4
0
4
secfrit

May I search for a tag "later" in the search string?

I wonder why the following search string is returning events as expected index=* tag=web tag=proxy but if I search...
by secfrit Explorer in Knowledge Management 01-27-2016
0 3
0
3
kufish001

Cannot get any result using "transaction startsWith=xxx endsWith=xxx"

Hi, I'm a Splunk newbie and I'm trying to do some analysis for our logs using 'transaction'. The logs I want to capt...
by kufish001 New Member in Knowledge Management 01-25-2016
0 1
0
1
user4455

Multiple conf files with single endpoint or referencing other conf files?

I have an app with setup.xml where a hostname is entered. I've also made a custom conf file and setup the REST endpo...
by user4455 Explorer in Knowledge Management 01-25-2016
0 1
0
1
dimoklis

How to troubleshoot why a scheduled saved search that populates a summary index does not finalize?

Hello, I have a scheduled saved search which populates a summary index with ~50M events. As the search is triggered,...
by dimoklis Explorer in Knowledge Management 01-22-2016
0 5
0
5
debanjankundu

what is the basic difference between tags and event types

same kind of output generates while using either "Tags" or "Event types". So what is the exact purpose of this two? ...
by debanjankundu Explorer in Knowledge Management 01-21-2016
3 4
3
4
ctaf

How to add iplocation fields in a data model?

Hello, I was wondering if it is possible to add the result of the iplocation (Country, City, ... fields) command in ...
by ctaf Contributor in Knowledge Management 01-19-2016
0 3
0
3
sideview

is there a way that autoKV can support both spaces and quote chars in field values?

I'm writing an app that's based on a scripted input, and I'm trying to just dump out my key value pairs so the field ...
by SplunkTrust SplunkTrust in Knowledge Management 01-14-2016
2 6
2
6
rakesh_498115

Why are the index retention settings not being applied for my summary index as expected?

Hi All, I have a summary index called "my_index", which has the data every 30 min from a saved search. I want this d...
by rakesh_498115 Motivator in Knowledge Management 01-11-2016
0 5
0
5
dteo827

How to search and compare the same data across multiple KV stores?

Greetings Splunk Answers, I have 4 CSV's containing similar data (usernames, first/last names, job roles) all of whic...
by dteo827 Explorer in Knowledge Management 01-06-2016
0 2
0
2
DMohn

How to calculate the daily change of a field value

Hi Splunkers, I need to calculate the daily value change of a field, and report on the daily difference. The field i...
by DMohn Motivator in Knowledge Management 01-05-2016
0 4
0
4
adamb0mb

Why is fill_summary_index not actually backfilling my summary index?

I SSH into our master node and ran the backfill script: sudo -s cd /opt/splunk/bin ./splunk cmd python fill_summary_...
by adamb0mb Explorer in Knowledge Management 12-30-2015
0 2
0
2
Raghav2384

What resources are recommended if I've been made a Splunk administrator, but know very little about Splunk?

Hello Experts, I know very little about splunk :(. Our only splunk expert decided to quit and i have been asked to t...
by Raghav2384 Motivator in Knowledge Management 12-28-2015
2 10
2
10
rakesh_498115

Is there any way to fill my summary index with only the newer portion data every day from the raw index?

Hi Splunk team, I have a scenario where i have a raw index and a summary index, and a scheduled search which is used...
by rakesh_498115 Motivator in Knowledge Management 12-17-2015
1 5
1
5
spammenot66

What's the difference between tscollect and collect? Is there any benefit to using tstats/tscollect or summary indexing over accelerated reporting?

What's the difference between tscollect and collect? Is there any benefit to using tstats/tscollect or summary indexi...
by spammenot66 Contributor in Knowledge Management 12-17-2015
0 1
0
1
redc

Is there a setting for the maximum number of results that can be written to a summary index from a single saved search?

Basically the same problem as reported in https://answers.splunk.com/answers/94725/issue-with-summary-indexing-saved-...
by redc Builder in Knowledge Management 12-10-2015
2 3
2
3
josefa123

What are best practices for setting polling intervals on each machine to collect system metrics?

Anyone of you has a best practice on implementing the best polling interval of each machine data? I am still puzzled ...
by josefa123 Explorer in Knowledge Management 12-09-2015
0 8
0
8
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...