Knowledge Management

Discussions

Thread Info

Disabling Welcome Screen

When you navigate to your Splunk webpage, you first come to a screen that checks for updates and then gives you the o...

by Explorer in

Is it possible to assign roles to only have access to certain summary indexes?

Greetings, I have read through the Knowledge Manager Manual on summary indexes, but am left with a question for my...

by Builder in

Does someone have a practical example on using the collect command?

I read the doc about the collect command. I understand how it works and what it does, but I wanted some practical exa...

by Path Finder in

Is it possible to create a summary index with Hunk?

Is it possible to create a summary index with Hunk? I'm also curious as to the implementation so that we can build it...

by Contributor in

Need assistance mapping fields in a PSV file that has no headers

Good morning. I have a file that looks like this: 2016-05-09 04:36:02,963[qtp789448364-261]|WARN|org.eclipse.jetty...

by Builder in

User Workflow in Splunk

Im hoping someone can help me out here? Apologies if I break any community rules - first post here! Trying to crea...

by New Member in

Is there an error in the "Creating Splunk Knowledge Objects" eLearning course?

Hello, I am currently following the "Creating Splunk Knowledge Objects" eLearning course but at one point, the tea...

by Contributor in

Eventtype vs. Saved Search

What is the difference between an “eventtype” and a “Saved Search”? While I know eventtypes can be entered right into...

by Legend in

Dashboard Statistics Table Not Showing

I am building a dashboard and I've been having an issue with presenting Statistics Tables on the dashboard while logg...

by Contributor in

How to delete events from a summary-index?

Hi, Is it possible to delete some events (not the full index) from a summary index? something like | delete comman...

by Legend in

How can I set KV store collection data for data type time, when using the REST API?

I am having trouble setting the value of a KV Store collection field of type time. Does anyone know the best way to d...

by New Member in

Overflow /opt/splunk/var/spool/splunk directory

Hello, We have overflow /opt/splunk/var/spool/splunk directory. It contains stash.new files from 2014 year to toda...

by Path Finder in

workflow action not working in dashboard

My workflow actions do not show up in the pulldown next to the event within dashboard? What do I need to change to ge...

by Contributor in

I have a summary index to run every 24 hours, but the data does not get refreshed. How can I automatically clean the old index?

I want to load the data every 2 weeks, but clean out the old data before running the summary index again?

by Explorer in

splunk clean all problem

I have been trying to wipe out an eval instance of splunk to start again, but I keep getting errors. I then upgraded ...

by New Member in

How to load scheduled real time search using their search id or search name?

HI, We are looking to enhance our real time dashboard performance, in away of that we have scheduled real time sea...

by Path Finder in

How to restore archived logs

Hi all , I have configured Splunk buckets to archive indexed logs after 1 month. I will store the archived logs in...

by Path Finder in

Is it possible to limit a role to only have the capability of deleting data for summary indexes?

I want to provide some users only the right to delete data for the summary index. Is it possible? From my unders...

by New Member in

How can I move logs from one index to another?

We recently moved several different logs that were in the "main" index to a newly-created index in order to organize ...

by New Member in

KVStore with replication setup

I have 2 indexers and 1 search head. i migrated from splunk 5 to 6 and had some difficulty with realtime alerts and ...

by Path Finder in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

Disabling Welcome Screen

Is it possible to assign roles to only have access to certain summary indexes?

Does someone have a practical example on using the collect command?

Is it possible to create a summary index with Hunk?

Need assistance mapping fields in a PSV file that has no headers

User Workflow in Splunk

Is there an error in the "Creating Splunk Knowledge Objects" eLearning course?

Eventtype vs. Saved Search

Dashboard Statistics Table Not Showing

How to delete events from a summary-index?

How can I set KV store collection data for data type time, when using the REST API?

Overflow /opt/splunk/var/spool/splunk directory

workflow action not working in dashboard

I have a summary index to run every 24 hours, but the data does not get refreshed. How can I automatically clean the old index?

splunk clean all problem

How to load scheduled real time search using their search id or search name?

How to restore archived logs

Is it possible to limit a role to only have the capability of deleting data for summary indexes?

How can I move logs from one index to another?

KVStore with replication setup

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Provided solution : Tip to reduce large CSV lookup...

Why did field extraction disappear after adding ca...

Salesforce lookup issue: Why can I not expand look...

Could someone tell us about the introduction of Sm...

KVstore field Aliase