Knowledge Management

Discussions

Thread Info

Backfill command not finding searches

When I run the backfill command for summary index searches in an app, I get an output saying that there is 30 searche...

by Explorer in

bizarre multivalue/mvexpand question

In complex reporting views I often use the FlashTimeline module near the top, to allow the user to regenerate the Fla...

by SplunkTrust in

Global summary - Events Indexed counter

If the Events Indexed in the Global summary on the main summary page, if this number decreases, does that mean an ind...

by Communicator in

Best Practice for Updating Summary Indexed Data

I'd like to see if there's a "right" way to solve this problem. I've got a lot of delayed entry for data that gets su...

by Splunk Employee in

meta: how can I set my "interesting tags" to get notifications?

If I go to my Answers profile page, and then 'edit user settings' and then 'email notification settings', it has a se...

by SplunkTrust in

What do the fields psrsvd_gc=x and psrsvd_v=x mean?

What do the fields psrsvd_gc=x and psrsvd_v=x mean? Where do these fields come from and how are they used in the logs...

by New Member in

How to use priority of EventTypes as criteria ?

Hello, I have configured Event Types in Splunk to identify all errors with a tag (it's easier to understand than s...

by New Member in

Spaces in tags

Hello, Is it possible to put spaces in tags of event types ? For example, I have an Eventtype for this log "[20...

by New Member in

macro with localop?

Is there any way to start a macro with a generator command? I get the error "The command must be the first command of...

by Contributor in

Delete overlaps from summary index

The knowledge manager manual mentions ""Manually delete the overlaps from the summary index using the search language...

by Splunk Employee in

How do I pass the logged in user to a workflow action?

I'm trying to set up a workflow action to send an email to someone via a CGI script on another box. I need to have th...

by Path Finder in

Unable to find an eventtype <eventtype>

I recently updated my searchheads and indexers to 4.2. For some reason I get an error on my search heads when I'm try...

by Communicator in

summary indexing created multi value in orig_host entries

I'm using Splunk 4.1.6 and getting started with creating summary data. Edit: What I'm trying to do is eliminate fi...

by Path Finder in

What are the summary index improvements in 4.2?

We have summary indexes currently but we have problems: When splunkd is down for maintenance summaries have gaps ...

by Path Finder in

How to index summary indexes on a Search Head locally, and forward all other data to the indexer?

Does anyone have any config pointers for the following scenario: We have a Search Head, and it runs apps that gene...

by Motivator in

Slow search for squid for a 30 days report

hi all, i have a problem with a squid search, it is very very slow (over 30 minutes to load) the search is this: s...

by Path Finder in

Eventtype best practices?

the splunk CIM discusses the use of tags to help identify log entries according to an object/action/status formula - ...

by Path Finder in

summary index event date and sourcetype

when i create a summary index for the speed benefit and to filter results there are two main things i lose. Each ...

by Contributor in

Using a transaction result to feed another search

Summary I have a common field shared between two events which is a phone number. One event has details about the t...

by Path Finder in

Why is initial summary screen slower on 4.2?

I am running parallel installs of 4.1 & 4.2. The 4.2 initial summary dashboard seems to be slower than 4.1.x. Why is ...

by Splunk Employee in

Configurable Location for Summary Index Possible?

Can summary indexes, aka stash files, be stored somewhere other than $SPLUNK_HOME/var/spool/splunk/_.stash? Specifica...

by Communicator in

Summary index for sorted results

I want to show our worst performing access log results. Having broken it down to fields including timetaken for a tim...

by Path Finder in

how to read the content of a file with splunk?

Hi I've got files that I've got to read, and when there is a file with ERROR or WARNING in it, i've got to send an...

by Explorer in

How to use summary indexes when max transaction span exceeds reporting interval

I am trying to use transactions to better summarize what is going on in sessions. sourcetype="blah" response="200"...

by Path Finder in

Can I increase the number of backfill threads higher than 16

Is there a way to increase the number of maximum threads that the backfill script will use to a value higher than 16?

by Path Finder in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

Backfill command not finding searches

bizarre multivalue/mvexpand question

Global summary - Events Indexed counter

Best Practice for Updating Summary Indexed Data

meta: how can I set my "interesting tags" to get notifications?

What do the fields psrsvd_gc=x and psrsvd_v=x mean?

How to use priority of EventTypes as criteria ?

Spaces in tags

macro with localop?

Delete overlaps from summary index

How do I pass the logged in user to a workflow action?

Unable to find an eventtype <eventtype>

summary indexing created multi value in orig_host entries

What are the summary index improvements in 4.2?

How to index summary indexes on a Search Head locally, and forward all other data to the indexer?

Slow search for squid for a 30 days report

Eventtype best practices?

summary index event date and sourcetype

Using a transaction result to feed another search

Why is initial summary screen slower on 4.2?

Configurable Location for Summary Index Possible?

Summary index for sorted results

how to read the content of a file with splunk?

How to use summary indexes when max transaction span exceeds reporting interval

Can I increase the number of backfill threads higher than 16

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

How to Send Splunk Observability Alerts to Webex teams in Minutes

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions