Knowledge Management

Ask a Question

Discussions

Thread Info

How to use summary indexes when max transaction span exceeds reporting interval

I am trying to use transactions to better summarize what is going on in sessions. sourcetype="blah" response="200"...

by Path Finder in

Can I increase the number of backfill threads higher than 16

Is there a way to increase the number of maximum threads that the backfill script will use to a value higher than 16?

by Path Finder in

Can I use "sistats median(x)" to build a histogram of x?

If I have a summary indexing search like this: .... | sistats median(x) I get a list of values and counts in a...

by Super Champion in

Using collect for summary indexing not working

I have a search that produces a table. I am piping that search to: | collect index=vulnerabilities When the searc...

by Communicator in

the 500MB/day indexing volume of the free splunk

Hi, Let's suppose that my free splunk server will receive more that 500MB/day of syslog messages (through the TCP ...

by New Member in

free splunk and the TCP data inputs

Hi, The TCP data input is working on the free splunk 4.1.6 version? (meaning after the first 60 days) Thanks, ...

by New Member in

Summary Index best practice

I have a dashboard that has a pull-down menu with a list of our hosts. By selecting a host, one can get a snapshot of...

by Builder in

Eventtype Definition: Search by Field Value length

Similarly, I want to make a group/eventtype of events from a certain sourcetype where the LOGINID values are all 12 c...

by Splunk Employee in

Case Sensitivity in eventtype searches

I want to make a group/eventtype with events from a certain sourcetype where LOGINID="I*" and 'I' is capital only. Th...

by Splunk Employee in

Summarizing more than 10.000 events

Is there a way to keep more than 10.000 events on a summary index for a schedule search ? I would like to store ev...

by Path Finder in

Scheduled summary searches not running while summary backfill script is running

It appears that my regularly scheduled summary searches do not run while I'm running the backfill_summary_index scrip...

by Champion in

is there a way to group eventtypes

I would like a list of all eventtypes associated to an IP on a single table. Is there a way to perform this? I wou...

by Path Finder in

How does Splunk determine data is being summarized and thus not counted towards license usage?

In the latest versions of Splunk, summary indexing does not deduct from the licensed indexing capacity. How does Splu...

by Splunk Employee in

Workflow Action "case sensitivity" question

Hi, I have a workflow action that creates a link to an external site based on information in a particular field an...

by Builder in

Summary Index & Stream

I'm in the process of setting up summary indexes. We haven't upgraded the forwarders to the new version that supports...

by Path Finder in

How To Summary Index Unique Visitor Sessions In IIS Every 5 Mins ?

I need to update a summary index with Unique IP counts every 5 mins. What would be the optimal way to check for un...

by Explorer in

summary index & permissions

I've created a scheduled report that runs and populates a summary index. From the admin account everything down to...

by Explorer in

How do you create custom modules

What is involved in creating custom modules? I'm looking at the existing modules and I'm not sure how all of the file...

by Explorer in

Summary Index and Backfill - Doing reports on the original time

Hi, I have a whole bunch of Bluecoat logs in which I will need to create Summary Indexes for them due to the log ...

by New Member in

Enabling summary indexing for existing saved reports

I have roughly 30 saved reports that aggregate data over largish periods of time, and I've just discovered the summar...

by Explorer in

custom config values in workflow UI?

I was wondering if it were possible to use $variable$ items in workflow actions that you have stored in a custom conf...

by Path Finder in

Easiest Way to Transfer Summary Index Data?

What is the easiest way to transfer populated summary indexes from an old Splunk box over to a new instance? We ha...

by Explorer in

Summary Index skipping hosts

I have a summary index that collects stdout from a script that we run on all our hosts (SplunkLightForwarder). The se...

by Builder in

Set host tag (tag::host) based on CIDR search

Hi Apologies in advance if there already is a similar question/answer (I couldn't find it) Is there a way of se...

by Engager in

Unexpected behavior when graphing against a summary index

I've created the following saved search into a Summary Index: index=access host="xyz" sourcetype="*access*" startm...

by Builder in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

How to use summary indexes when max transaction span exceeds reporting interval

Can I increase the number of backfill threads higher than 16

Can I use "sistats median(x)" to build a histogram of x?

Using collect for summary indexing not working

the 500MB/day indexing volume of the free splunk

free splunk and the TCP data inputs

Summary Index best practice

Eventtype Definition: Search by Field Value length

Case Sensitivity in eventtype searches

Summarizing more than 10.000 events

Scheduled summary searches not running while summary backfill script is running

is there a way to group eventtypes

How does Splunk determine data is being summarized and thus not counted towards license usage?

Workflow Action "case sensitivity" question

Summary Index & Stream

How To Summary Index Unique Visitor Sessions In IIS Every 5 Mins ?

summary index & permissions

How do you create custom modules

Summary Index and Backfill - Doing reports on the original time

Enabling summary indexing for existing saved reports

custom config values in workflow UI?

Easiest Way to Transfer Summary Index Data?

Summary Index skipping hosts

Set host tag (tag::host) based on CIDR search

Unexpected behavior when graphing against a summary index

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions