Knowledge Management

Community Activity

Using generating commands in a data model? I've got a generating command that I want to use in a data model. What's the best way to get my field (attribute) lis... by sowings Splunk Employee in Knowledge Management 10-09-2013 1 3	1	3
Realtime search based on macro and changing the macro Hi All, We have a realtime search which will fire alerts based on some thresholds which we currently store in macros... by phoenixdigital Builder in Knowledge Management 10-08-2013 1 2	1	2
effectivity of multiple summary searches in a single index Hello, I just discovered summary indexes (Oh joy! I can have results immediately instead of waiting a few minutes) ... by bkoutsky Engager in Knowledge Management 10-08-2013 0 2	0	2
saved searches populates wrong summary index In our 5.0.2 Splunk version installation we have many simultaneous summary index-populating searches. Sometimes summ... by my_splunk Path Finder in Knowledge Management 09-30-2013 0 1	0	1
Unable to get sample events: local variable 'f' referenced before assignment I am getting this error when I clicked on "Built EvenType" in the search results. Does anyone got this error? what ne... by splunkatl Path Finder in Knowledge Management 09-23-2013 0 3	0	3
Getting Markers to show up as fields for summary index The collect command has a marker option which can be "A string, usually of key-value pairs, to append to each event w... by usethedata Path Finder in Knowledge Management 09-21-2013 0 1	0	1
Issue with Summary Indexing, saved searches runs fine but summary index data is not written sometimes I have a set of 10 saved searches which are doing summary indexing. These searches are running every minute. All the ... by somesoni2 Revered Legend in Knowledge Management 09-19-2013 1 2	1	2
Using multiple summary indexes Our reporting needs are starting to grow so I am planning on creating new summaries and would like to use best practi... by sc0tt Builder in Knowledge Management 09-19-2013 0 2	0	2
Display Event Menu on a Results Table How could I display the event menu for workflows on a results table generated from a "dbquery" command available on t... by ivantn21 Explorer in Knowledge Management 09-18-2013 0 2	0	2
Is it possible to populate a specific summary index using sitimechart? I've created a new summary index that I'd like to populate with historical data. I cannot seem to find any documenta... by rmacurak Explorer in Knowledge Management 09-13-2013 0 2	0	2
Making field names case insensitive All, I'm wondering if there is any setting or workaround in place to just ignore the capitalization for all fields. ... by bruceclarke Contributor in Knowledge Management 09-11-2013 0 1	0	1
Collect Results Not Getting Indexed Hi, I have been populating my SI using the collect command and have been finding many gaps once i come back and check... by cramasta Builder in Knowledge Management 09-06-2013 0 1	0	1
Strategies for maintaining summary index consistency. Does anyone have some ways in which they are able to create "report acceleration like" automation into summary index ... by Lucas_K Motivator in Knowledge Management 09-04-2013 3 5	3	5
WMI:WinEventLog:Security - Discard events older than "x" months? I've been able to start pulling AD logs via WMI which is nice and all, but I come in this morning and have 28 some od... by TylerTreat Explorer in Knowledge Management 09-03-2013 0 2	0	2
New Indexes do not show in Web UI My indexes don't show up in the Web UI and I don't understand what causes that. I have an idea why this happens but I... by rgcurry Contributor in Knowledge Management 08-21-2013 1 3	1	3
Custom summary index not showing up in "select the summary index" dropdown Hi, I have created a new app for one of our teams. This includes a new role dma, and new indexes dma_main and dma_su... by Glenn Builder in Knowledge Management 08-20-2013 5 6	5	6
Props/transforms for stashed data Hi There are multiple searches generating different stashed data with different markers, sometimes written to differ... by Simon Contributor in Knowledge Management 08-06-2013 0 2	0	2
inputlookup in macro Hi, I have this search: \| inputlookup mySearch \| where foo=bar Now I'd like to do this: mySearch(bar) with defin... by JensT Communicator in Knowledge Management 08-05-2013 0 2	0	2
Splunk DB Connect Bug Good Morning/Afternoon to all!! I have a query regarding the dataset returned by \|dbquery. If the Database has a tim... by linu1988 Champion in Knowledge Management 08-05-2013 0 3	0	3
In need of a straighforward method for getting the name and version of the OS of a host Hello, I have a search which I run for monitoring memory usage across different platforms. This has been working well... by crunchit Engager in Knowledge Management 08-02-2013 0 1	0	1
Event types versus Tags Splunk allows us to have a tag and an event type with the same name, so what exactly is the difference between an eve... by blodgettb Engager in Knowledge Management 08-01-2013 3 1	3	1
Collect specific rows of a trace file Hi, Is it possible to collect specific rows of a trace file? I have one trace file that contains Info traces and Er... by avitallange Explorer in Knowledge Management 08-01-2013 0 1	0	1
Using summary indexes as method to isolate development from production searching Wondering if setting up a Development Search Head that creates summary indexes by searching Production Indexers would... by wgabree Engager in Knowledge Management 07-30-2013 1 2	1	2
Should I convert existing Summary searches to Report Acceleration? Hi, before Splunk 5 we have created about 40 saved searches that are populating summary index and about 70 other save... by kenliu Explorer in Knowledge Management 07-24-2013 0 2	0	2
Prediction Function Algorithms Questions I'm currently trying to translate Splunk functions into SAS, and was hoping for some clarification on the prediction ... by lfetky New Member in Knowledge Management 07-19-2013 0 1	0	1