Knowledge Management

Community Activity

Can I change the location of Splunk's internal logs? I we would like to index these logs in a different directory (a directory other than the $SPLUNK_HOME/var/log/splunk)... by sgarvin55 Splunk Employee in Knowledge Management 01-07-2014 1 1	1	1
JBoss log file dosen't get inserted as data source I've set up a splunk server and setup a server.log file from jbossas, and the log file doen't show on the search pane... by nabruzzese New Member in Knowledge Management 12-26-2013 0 1	0	1
peer nodes vs. indexer nodes Basic / understanding question here. The documentation refers to both indexer and peer nodes. After reading it is tr... by tim_snider Explorer in Knowledge Management 12-19-2013 0 7	0	7
Fill_Summary_Index.py fails after a summary index source delete I created a summary index, and populated it with a search. I found later that the search was flawed, so I deleted the... by lukejadamec Super Champion in Knowledge Management 12-12-2013 0 4	0	4
How summary index a entire index I want to take one of my index and make faster, like this: index=ltm summary_index=ltm_summary Thank you guys. by felipesewaybric Contributor in Knowledge Management 12-11-2013 1 3	1	3
Limit a workflow to a sourcetype Is it possible to only display a workflow on a certain sourcetype? I have a lookup that takes the "EventCode" field ... by mpitts Explorer in Knowledge Management 12-11-2013 0 7	0	7
Saved search deleting older records from Summary Index A very strange behaviour has occurred, we have defined a saved search that gets stored into its own Summary Index, be... by Dark_Ichigo Builder in Knowledge Management 12-05-2013 0 1	0	1
transformation of log files I've different log FTP files coming in. Each log file will be in a differnt format but with some common data across t... by Jananee_iNautix Path Finder in Knowledge Management 12-04-2013 0 7	0	7
High RAM usage on Splunk Indexer At times I have seen users run searches like index=* and let it run, (this user only has restricted access to 3 index... by rdelmark Explorer in Knowledge Management 11-27-2013 0 4	0	4
Reporting zero results for hosts We have a search that runs overnight, updating a summary index for reporting the following day, as follows. tag::eve... by taylormc2305 New Member in Knowledge Management 11-25-2013 0 6	0	6
Can I use summary index in Hunk environment for report performance improvement? Hi, Running a same search in Hunk to get a report in a dashboard is slow. I would like to use summary indexing by ga... by melonman Motivator in Knowledge Management 11-24-2013 1 1	1	1
Splunk summary indexing for critical data Hi together, I'am using summary indexing to aggregate big amounts of critical data in 5 minute frames. Now I'am ask... by tcoq Path Finder in Knowledge Management 11-14-2013 0 3	0	3
My backfill script refuses to start, another backfill is already running I am trying to do a summary backfill for the searches of my app, and it's failing. It complains that an other backfil... by yannK Splunk Employee in Knowledge Management 11-12-2013 0 1	0	1
index limit How can I find out how much data Splunk is indexing? Before I found something that gave me the Peak daily usage, Avg... by glenngermiathen Path Finder in Knowledge Management 11-08-2013 0 4	0	4
macro question - how to use the macro search results to another search? Good day fellow Splunkers, I'm new to this macro in Splunk and I want to ask if this could be possible. I have 3 mo... by crt89 Communicator in Knowledge Management 11-08-2013 0 4	0	4
disk filling with spool dbmon dbmonevt files Among other struggles with DB Connect I'm trying to pull a large amount of historical data into Splunk to see it is p... by bgstein Path Finder in Knowledge Management 11-07-2013 2 3	2	3
Summary Indexing - Aggregating Data & Charting Multiple Ways So right now I have a summary index that is being populated by the following command: earliest=-20m latest=-5m \| bu... by SplunkMonster Engager in Knowledge Management 10-31-2013 0 2	0	2
Make tags public I could see where this question was asked a couple of times in 2011, but I'm wondering if anything has changed since ... by kmcconnell Path Finder in Knowledge Management 10-30-2013 0 1	0	1
Is there a way to award bounties? This site appears to be based on Stack Overflow. One SO feature that I don't see here is the ability to assign bount... by travis_bear Explorer in Knowledge Management 10-29-2013 1 2	1	2
Trying to reduce space by reducing splunkd_access.log .4 & .5 as well as web_service.log . I'm trying to reduce space by reducing splunkd_access.log .4 & .5 as well as web_service.log .4 & .5 . Doc is clea... by cevyn Explorer in Knowledge Management 10-28-2013 1 3	1	3
summary index vs search query Hi, why sometimes there is a difference between summary index results and normal search query restuls for the same d... by srinathd Contributor in Knowledge Management 10-21-2013 1 3	1	3
Question about compression Hi! I would like to quickly confirm about the compression. In the document , compression is roughly designed here. ... by yuwtennis Communicator in Knowledge Management 10-16-2013 0 10	0	10
Pooled search heads in distributed search - disable indexing and forward all data to indexers? Hello everyone. I have been combing around about this issue and haven't found a lot of concrete information. From wha... by msarro Builder in Knowledge Management 10-14-2013 0 2	0	2
Splunk as a document repository We are looking to use Splunk as a document repository (among a million other things). Does anyone have a recommendat... by x9079 Engager in Knowledge Management 10-14-2013 0 2	0	2
Migrating Splunk data from NFS to Block storage What is the process from migrating Splunk data from NFS based storage to Block based storage? by brad63 Engager in Knowledge Management 10-10-2013 2 2	2	2