Knowledge Management

Ask a Question

Discussions

Thread Info

How to escape "(" in macro arguments?

I pass values with parentheses to my macro. Need to escape the round brackets. The following error was thrown: PA...

by Path Finder in

Document Splunk

Morning All I've been asked to document everything we have on Splunk Platform (on prem) before moving to the cloud...

by Path Finder in

Is there a mailto option in Dashboard studio?

Hello, I want to give the contact email details on one of my dashboads which is built in dashboard studio. I ...

by Loves-to-Learn in

Why is KV Store initialization failing on one of our add-on to receive logs?

While setting up one of our add-on to receive logs, we encountered an issue. While reviewing the internal log we foun...

by Splunk Employee in

How to delete events from a summary-index?

Hi, Is it possible to delete some events (not the full index) from a summary index? something like | delete comman...

by SplunkTrust in

How to run a macro multiple times in a search?

Hello, I am trying to run a macro multiple times in a search. If the search returns 10 results, the macro should r...

by New Member in

How to pass multiple values from a search as parameters to a macro so the macro will be run for each value?

Hi I have created a macro with a parameter. Then I have a list/search with 8 values. How is it possible to pas...

by Path Finder in

Slack Channel

The slack channel mentioned here:https://hub.docker.com/r/splunk/splunk is private, I'd like to join it.

by Engager in

How to send specific logs to another heavy Forwarder?

Hi all, I want to send specific logs from one Heavy Forwarder to another heavy Forwarder. I don't want to send a f...

by Engager in

Data trim

I have some questions regarding data trim

by Communicator in

How do I extract the JSON type data from this field?

Hello I have some array data located within a field in my data. It comes from DBConnect and isnt exactly JSON. Im ...

by Path Finder in

What is Best practice for removing orphaned KOs from SHC?

Hey, does anyone know any best practice or clever way of removing orphaned Knowledge Objects in a Search Head clu...

by Path Finder in

Splunk Education: How to access free courses?

Hello. I am trying to take advantage of the free courses with splunk, but I am unable to view the videos. I've tried ...

by New Member in

Smartstore: How to upload buckets manually to remote store after the migration of indexer is over?

We have a few different requirements.i)Upload multiple (buckets)TB of legacy Standalone buckets to the index that is ...

by Splunk Employee in

Time Snap result" and "latest status change time by host

Hi, Splunkers.I need some idea to show "Time Snap result" and "latest status change time by host". Source Data is l...

by Loves-to-Learn in

Why am I experiencing KVStore Failure using Red Hat Linux 7.5 and Splunk 7.3.4?

W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release. F NETWO...

by Path Finder in

Otel Agent - Can we use wildcard for service monitoring?

Hi, Can we use wildcard for service monitoring? https://docs.splunk.com/Observability/gdi/monitors-hosts/win-se...

by Path Finder in

Moving splunk setup from standalone to a search peer and and search head setup Question

Good Afternoon, Some brief background for the longest time we have been using Splunk as a Standalone Indexer and ...

by Path Finder in

Deployment server

What is meant by deployment server and what does it do?

by New Member in

Match lookup field values with Splunk results and display over lookup field value yes/no

Hi, The lookup field values must match the field values returned by the query, and the results must be shown as yes...

by Path Finder in

How to track scheduled search which are using "All Time" time window?

We have a few users scheduling searches using "all time", time frame. How can I track those knowledge objets and d...

by Communicator in

Datamodel size on disk doesn't make sense?

My Web Datamodel was set to 3 months with 67 GB+ size on disk. I reduced the summary range to 1 month, and size on di...

by Path Finder in

Is there any other way to do a backup of KV store data than using the "splunk backup kvstore" command?

We have an instance where KV store is not running and we're looking to clean the whole thing out. However, we would l...

by Path Finder in

How Can Re-enable inherited role for admin in splunk ES?

I'm not lucky I have disabled all inherited roles for admin admin and when I try to re-enable back the save button is...

by New Member in

How can we auto extracted fields from TAB delimited text file with header at index time?

Hi here is sample format Audit Log ID KMA ID KMA Name Class Retention Term Operation Condition Severity Audit L...

by Explorer in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

How to escape "(" in macro arguments?

Document Splunk

Is there a mailto option in Dashboard studio?

Why is KV Store initialization failing on one of our add-on to receive logs?

How to delete events from a summary-index?

How to run a macro multiple times in a search?

How to pass multiple values from a search as parameters to a macro so the macro will be run for each value?

Slack Channel

How to send specific logs to another heavy Forwarder?

Data trim

How do I extract the JSON type data from this field?

What is Best practice for removing orphaned KOs from SHC?

Splunk Education: How to access free courses?

Smartstore: How to upload buckets manually to remote store after the migration of indexer is over?

Time Snap result" and "latest status change time by host

Why am I experiencing KVStore Failure using Red Hat Linux 7.5 and Splunk 7.3.4?

Otel Agent - Can we use wildcard for service monitoring?

Moving splunk setup from standalone to a search peer and and search head setup Question

Deployment server

Match lookup field values with Splunk results and display over lookup field value yes/no

How to track scheduled search which are using "All Time" time window?

Datamodel size on disk doesn't make sense?

Is there any other way to do a backup of KV store data than using the "splunk backup kvstore" command?

How Can Re-enable inherited role for admin in splunk ES?

How can we auto extracted fields from TAB delimited text file with header at index time?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Persistent queue problems

Splunk could not get the description for this even...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...