Knowledge Management

Discussions

Thread Info

How to use macros to set time variable

Hi, I'm trying to configure macros to use as a variable in my source. In my macro, I use strftime(relative_time(ti...

by Explorer in

Automatic Lookups on Internal Index

Is the _internal index exempt from automatic lookups? I can't get any automatic lookups working on the index even wit...

by Explorer in

Why should I continue trying to evaluate Splunk?

Hello, Monday I signed up for a cloud trial and it still isn't working for me. When a sales person called and we talk...

by New Member in

If my coldToFrozenDir is full or unavailable, do I lose my old data?

From can I see, Splunk continues to run but I would like to know what happens to the cold data which meets the criter...

by Explorer in

Collecting to a summary index not working

am unable to collect data into a summary index. Getting odd behavior. This works: index=security sourcetype=dbx...

by Path Finder in

Storing Calculated Data for Later Use

I am trying to essentially gather information of a pretty large query and count it every day, and then display this t...

by Explorer in

eventtype from an inputlookup

I am making an app and wanted to have some dummy data tagged as an example to the end user. So I have eventtypes.c...

by Builder in

Can I specify a tag that logically ANDs the field value pairs?

I'd like to setup a tag that is restrictive (AND) in its query rather than inclusive (OR). For example, if you specif...

by Explorer in

Will summarizing already-summarized data with sistats yield accurate results?

Suppose I have a summary index storing summarized minute-ly data populated from sistats. Suppose each minute contains...

by Communicator in

Is there a tsistats or something similar for summarizing accelerated data model data?

We would like to benefit from the performance benefit of an accelerated data model, however, we also need to summariz...

by Communicator in

Not result get from collect

I schedule below search, search name is "TransactionResult" sourcetype="ims*" host="chi*" ActivityId!="(null)" (Ac...

by New Member in

Do we need to enable counter in client sytem to collect in the splunk server?

Hi all, Do we need to enable counter in client sytem to collect in the splunk server? Thanks Sathish R

by Contributor in

How to disable update checking in Splunk server / where to locate app.conf?

Splunk 6.0.2 (build 196940), Ubuntu 12.04 I have seen http://answers.splunk.com/answers/28616/how-can-automatic-u...

by Path Finder in

Is it possible to run arbitrary searches that take advantage of accelerated data models without using pivots?

I am looking into possibility of replacing summary indexing with data model acceleration. I have a number of external...

by Communicator in

How to directly connect to kvstore using a mongodb client and bulk fill my kvstore with 3,000,000 entries?

Hi there, I would like to initially bulk fill my kvstore with around 3.000.000 entries. AFAIK the REST API allo...

by Contributor in

Can I use summary indexing in the free version of Splunk?

Hello, I tried to research whether it is possible or not to use summary indexing in Splunk Free, but I didn't find...

by Path Finder in

How to create an index on a kvstore?

Is there a way to create an index on a kvstore so that indexed based queries will run quickly?

by Splunk Employee in

Any better way to compare the events being added to Splunk with a list of values which contains all the possible values and find the amount of occurence of each value ?

I have a list of values in a .xls file, hundreds values and a huge number of events (millions) that have been added i...

by Engager in

Accelerated search results not updating for delete data

I have some saved accelerated searches that generated graphs that are displayed on some of our reports to alert users...

by Path Finder in

Is it possible to create a global field alias?

I would like to create aliases for fields that map to Splunk's Common information Model, so I go to Settings >> Field...

by Influencer in

Steps to remove a cluster member permanently

Hi, What are the required steps to permanently remove a member from a cluster?

by Champion in

How to "cut" information?

Hello guys i have some log files that i need to be shown from place A to place B. with witch command i can do it? and...

by New Member in

splunk : what is purpose ?

hello , 1.we are confused that is it monitoring tool or backup application means that it can backup data on second...

by New Member in

How should the host field be assigned in a web farm scenario?

Let’s begin by saying I’m new to Splunk, so don't assume I know something. I’m thinking about how I should assign ...

by Explorer in

stats dc behavior against a summary index

So I have a summary index that was populated hourly with something like: sourcetype="foo" | sistats count dc(s) by d ...

by Contributor in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

How to use macros to set time variable

Automatic Lookups on Internal Index

Why should I continue trying to evaluate Splunk?

If my coldToFrozenDir is full or unavailable, do I lose my old data?

Collecting to a summary index not working

Storing Calculated Data for Later Use

eventtype from an inputlookup

Can I specify a tag that logically ANDs the field value pairs?

Will summarizing already-summarized data with sistats yield accurate results?

Is there a tsistats or something similar for summarizing accelerated data model data?

Not result get from collect

Do we need to enable counter in client sytem to collect in the splunk server?

How to disable update checking in Splunk server / where to locate app.conf?

Is it possible to run arbitrary searches that take advantage of accelerated data models without using pivots?

How to directly connect to kvstore using a mongodb client and bulk fill my kvstore with 3,000,000 entries?

Can I use summary indexing in the free version of Splunk?

How to create an index on a kvstore?

Any better way to compare the events being added to Splunk with a list of values which contains all the possible values and find the amount of occurence of each value ?

Accelerated search results not updating for delete data

Is it possible to create a global field alias?

Steps to remove a cluster member permanently

How to "cut" information?

splunk : what is purpose ?

How should the host field be assigned in a web farm scenario?

stats dc behavior against a summary index

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

New Splunk TcpOutput persistent queue

Forwarders blocking / Splunk Cloud Dead Letter Qu...

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...