Knowledge Management

Community Activity

How to delete data older than 90 days except summary index We have multiple indexes to separate the access / role limit due to data privacy/security (like index1, index2, index... by dhavamanis Builder in Knowledge Management 08-05-2014 2 2	2	2
Is it possible to generate a "Data Summary" for indexes other than the default index? Splunk's default search screen features a convenient "Data Summary" button which users can click to show a summary fo... by pscalise New Member in Knowledge Management 08-01-2014 0 2	0	2
Is it usual to have multiple tags that appear the same Forgive me if this is a naive question. We seem to have multiple tags that have the same name. They contain differe... by raoul Path Finder in Knowledge Management 07-30-2014 0 3	0	3
eventtype with Russian text causes "\| stats count by tag" to return no results If I run the search: tag=S100 \| stats count it returns the correct results. So the tag can be searched, but there i... by mgaraventa_splu Splunk Employee in Knowledge Management 07-25-2014 3 1	3	1
Any good knowledge object/dependency management techiques out there? So.. With a lot of reports that are dependent on lookup tables.. Dashboards dependent on saved reports, and so on, i... by dstaulcu Builder in Knowledge Management 07-25-2014 3 1	3	1
Splunk_TA_nix 5.0.2 Eventtype does not exist or is disabled I am getting the following when using the following search: index=juniperfirewall tag=* \|search tag=ids The tag=* wa... by aelliott Motivator in Knowledge Management 07-16-2014 1 1	1	1
fill_summary_index.py error backfilling 5-minute CPU utilization summary index Here is the search (name = CPU-Summery-WMI): sourcetype="WMI:CPUTime" earliest=-5m@m \| stats avg(PercentProcessorTi... by ww9rivers Contributor in Knowledge Management 07-11-2014 0 3	0	3
How to reindex a folder with a FTP log For some reason I did get a hang or something while I added a folder of FTP log to the Splunk server. This made the ... by lakromani Builder in Knowledge Management 07-07-2014 0 3	0	3
macro with DBquery Hi I used macro and its return some results, I want to run dbquery to passing parameter using the macro results How... by senthilgoa Engager in Knowledge Management 07-01-2014 0 3	0	3
Error when creating database lookup Each time I try to create a new or save and existing database lookup I get the following error: {"msg": "Encountered... by smorse11 Engager in Knowledge Management 06-26-2014 0 2	0	2
What capabilities and permissions get applied to the nobody user? I'm seeing searches running with user 'nobody' what quota will be applied? I can't seem to apply any role to nobody? by abonuccelli_spl Splunk Employee in Knowledge Management 06-26-2014 5 1	5	1
How save the extracted fields into another Index Hi From the complex log, I have extracted all the fields, which is about 60+ fields. I want to save these fields int... by splunk_worker Path Finder in Knowledge Management 06-24-2014 0 3	0	3
Duplicate entries produced by saved search in summary index I have 28 saved searches and each one of the searches is executed in 5 mins gaps. Even though I have dispersed the sc... by lahariveerlapat Explorer in Knowledge Management 06-19-2014 0 3	0	3
Does the summary index data expire? Do we have an expiration on summary indexed data, if yes how long we can keep that data and where can we find this de... by vradhakrishnan Engager in Knowledge Management 06-18-2014 1 1	1	1
How do I specify a time resolution? Normally, the time resolution adjusts itself, seemingly trying to keep the number of bars shown below some "reasonabl... by letharion Engager in Knowledge Management 06-18-2014 0 1	0	1
international site best practices WE have two small international sites. What's the best practice for getting that data into our main SPlunk here in th... by earixson Engager in Knowledge Management 06-16-2014 1 1	1	1
Free up space on the index I have quite a few hot db and warm in one of my index - sharp. Can I delete the files under the rawdata directory lik... by romitsn New Member in Knowledge Management 06-13-2014 0 2	0	2
bulletin message path Where is the path of the file created when creating a bulletin message? Manager->User interface->Bulletin Messages by ben_leung Builder in Knowledge Management 06-11-2014 0 2	0	2
How to compare index usage for specific day within last 4 weeks? Hello this search query is very neat and I want to know how I can compare it with last 4 weeks based on the day of we... by tlow Explorer in Knowledge Management 06-10-2014 0 1	0	1
Summary Index -nolocal Hello! I've got a distributed Splunk setup where the indexers and search heads live on separate hosts. (The indexers... by emiller42 Motivator in Knowledge Management 05-27-2014 0 2	0	2
Ideas on how to handle event flood/storm We occasionally receive hundreds of thousands of events (sometimes millions) from one or two hosts and if not acted q... by ananth_nag_kavu Explorer in Knowledge Management 05-27-2014 0 2	0	2
XMLでAttributeを指定して検索する方法について props.confに以下の設定をして、XMLを取り込んでいます。 KV_MODE = xml pulldown_type = 1 NO_BINARY_CHECK = 1 SHOULD_LINEMERGE = true このと... by takoyakiman New Member in Knowledge Management 05-21-2014 0 1	0	1
How to subtract outcome of count I have two saved searches, saved them as macros. 1: [search sourcetype="brem" sanl31 eham Successfully completed (cc... by rijk Explorer in Knowledge Management 05-21-2014 0 2	0	2
How to extend the Event Options Menu I want to extend the Event Options Menu which is located beside the result records. The idea is to add a link contain... by tpflicke Path Finder in Knowledge Management 05-19-2014 0 2	0	2
How can I forward Windows events without the Splunk forwarder software? Anyone here got some recommendations for forwarding Windows event logs to Splunk without installing the Splunk forwar... by vqd361 Path Finder in Knowledge Management 05-18-2014 0 1	0	1