Knowledge Management

Discussions

Thread Info

Spunk indexes

Hello, I am fairly familiar to spunk, but I do need to improve on indexes. I am currently working on a new client env...

by Engager in

Fuzzy Logic match with multi word value

I have a situation where I'm using case to compare 2 fields to identify a fuzzy match, but in field 1 I may have "boa...

by Contributor in

Why do Selected Fields Get Reset after upgrading to 8.2.11?

Dear All We moved to splunk 8.2.11 and since then, our selected fields keeps resetting every time I logout. Is ...

by Path Finder in

Is search history replicated?

Hi, Testing out 6.4, and I noticed that the search-history feature is not replicated across SH. Is this possible?

by Champion in

Does using a kvstore lookup in a SH cluster decrease performance?

I have a kvstore lookup in a single SH environment. If the environment is made into a cluster and kvstore replication...

by Path Finder in

Tagging "url" in Web Data Model

Hi, I'd like to know how to associate the "url" tag with the web data model. We're currently working with URL logs ...

by Builder in

Aliases not working

Hi All, I am having an issue creating an alias simply going from DestinationPort to dest_port for SysMon EventID 3...

by Communicator in

How to match an array of CVEs into CIM CVE field?

Hello My data is formatted as JSON and it contains a field named "cves" which contains an array of cve codes relate...

by Explorer in

summary indexing with sisat distinct count without the list of what is counted

... |sistats dc(clientip) by host Returns : host psrsvd_ct_clientip psrsvd_gc psrsvd_v psrsvd_vm_clientip Whe...

by Explorer in

How to connect data to CIM when the user has changed the default index and sourcetype for an Input?

Hi, I have a modular input that is connected to CIM through eventtypes and tags as follows: default/eventtypes....

by Explorer in

Smartstore : SmartStore throws S3Client 404 error on receipt.json files

As part of internal testing, migrating data from the Classic index to SmartStore.The indexes.conf was configured with...

by Splunk Employee in

Field removed from logs but... it's still showing?

Hello all, I have created and applied the configuration in props.conf file: SEDCMD-XXXXX = s/XXXXXX//g The ...

by Loves-to-Learn in

Knowledge objects remove

Hi All, Created test user and assign the viwer roles and provided read only access, the above screen not the test use...

by Loves-to-Learn Everything in

Transpose question

Hi, I have a query like: index=federated:ccs_rmail sourcetype="rmail:KIC:reports" | dedup _time | timechart...

by Explorer in

Is it possible to create backup the app with data and visualization for a specific date to keep for a futire

Is it possible to create backup the app with data and visualization for a specific date to keep for a future date ?

by Explorer in

props.conf | multiple EXTRACT single GROUP name

Hi, I'm struggling to confirm in the docs whether this is permitted or not? I'm working on a TA for Netgear Wi-Fi, ...

by Path Finder in

How can I use the Network_Traffic datamodel to find what has NOT egressed/logged for a firewall ACL/rule?

Good afternoon, Background: I found a configuration issue in one of our firewalls which I'm trying to remediate wh...

by Engager in

The lookup table XYZ does not exist or not available Error

Hello, I am seeing the below error in the internal logs.The lookup table XYZ does not exist or not available I ha...

by Motivator in

The search specifies a macro that cannot be found

Hello, I am seeing the below error in the internal logs, I am on Splunk On premise clustered environment.10-03-2023...

by Motivator in

Macro API not working!

Hello, I am attempting to Splunk search via Macro. When using the Splunk search UI, the relevant information comes ...

by New Member in

Events getting truncated at the beginning

Some of the event logs in Splunk are getting truncated at the beginning. Tried some prop's to break before date, li...

by Path Finder in

Splunk REST APIs

Hi TeamI am new to Splunk and looking for a way to Fetch few metrics data from Splunk using Splunk REST API.Can you p...

by New Member in

Why did the field name change while indexing csv file in splunk?

I am trying to index a csv file by uploading it through splunk web.... while setting up sourcetype i could see all my...

by Path Finder in

How to find CSV issue?

We have error messages like " Corrupt csv header in CSV file , 2 columns with the same name 'Severity" & CSV file con...

by Path Finder in

Is there a rest api or any curl command through which we can upload a lookup file from a user designated area

I want to automate the uploading of a lookup file but at first I have to upload it to staging area. The staging area ...

by New Member in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

Spunk indexes

Fuzzy Logic match with multi word value

Why do Selected Fields Get Reset after upgrading to 8.2.11?

Is search history replicated?

Does using a kvstore lookup in a SH cluster decrease performance?

Tagging "url" in Web Data Model

Aliases not working

How to match an array of CVEs into CIM CVE field?

summary indexing with sisat distinct count without the list of what is counted

How to connect data to CIM when the user has changed the default index and sourcetype for an Input?

Smartstore : SmartStore throws S3Client 404 error on receipt.json files

Field removed from logs but... it's still showing?

Knowledge objects remove

Transpose question

Is it possible to create backup the app with data and visualization for a specific date to keep for a futire

props.conf | multiple EXTRACT single GROUP name

How can I use the Network_Traffic datamodel to find what has NOT egressed/logged for a firewall ACL/rule?

The lookup table XYZ does not exist or not available Error

The search specifies a macro that cannot be found

Macro API not working!

Events getting truncated at the beginning

Splunk REST APIs

Why did the field name change while indexing csv file in splunk?

How to find CSV issue?

Is there a rest api or any curl command through which we can upload a lookup file from a user designated area

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions