Knowledge Management

Discussions

Thread Info

Extract events for a specific EventCode from sourcetype=WinEventLog:Security and alias Account_Name to myAlias

I want to alias Account_Name field for specific EventCode e.g. EventCode=1234 I want to find that event and al...

by Explorer in

How to assign/tag severity to an eventtype without using lookup tables

Is it possible to define a severity level to an eventtype without using a lookup table? The purpose would be so that,...

by Path Finder in

Eventtype Challenges

Hello, I only Splunk on a limited basis, about once a month. our Splunk admin has over 300 "eventtypes" created. ...

by Builder in

Summary Index Producing Doubled Results

I've recently created a saved search to store items into a summary index. It's scheduled to run every 5 minutes and s...

by Communicator in

summary stats functions call back changed in 5.0.*

Before Splunk 5.0.0 , when I had results summarized with stats or timechart, the name of the function was converted u...

by Splunk Employee in

Permanent tag

We will regularly move machines between environments (DEV/QA/PRD). We are currently using tags to assign a machine to...

by Explorer in

Running collect queries takes long time to move from stash to index

Hi We have a set of queries which are used to populate certain summary indexes. When we manually run the queries a...

by Communicator in

moving a summary index

Hi, One of my customers has a summary index running on a POC that they want to move into my production system. The...

by Champion in

Using report-acceleartion/summary-indexing for searches on extracted KPIs

Hi there! I am trying to extract certain values (KPIs) into a separated 'area' (now trying a summary index) to be ...

by Contributor in

uberAgent to collect desktop activity

Hi, I have installed splunk server for windows in my machine successfully, i wanted to run uberAgent to capture deskt...

by New Member in

Apps for Auto Assign of Event Type

Hi, I would like to ask if there is a splunk apps which can help you to auto assign splunk event type? Thanks in Adva...

by New Member in

eventtype definition in a search

So I have a search that is searching for IP address information from 4 eventtypes. I am now trying to label these ...

by Motivator in

Created search with tags but does not work for other users

I have created several tags (on source), and use them in searches. The saved searches does not work for other users.....

by Explorer in

info_search_time vs search_now?

What is the difference between the info_search_time vs search_now fields in my summary data?

by Champion in

Macro with eval-based definition submacro to set earliest and latest

Hello, i need a macro that acceppts a day and converts that into a format to it can be used in earliest and latest...

by Communicator in

fileds command used in summary index not showin correct data ?

Hi.. i have a main search which is given the count of id 's and writin to a summary index -summary my summary i...

by Motivator in

Debugging a search ran from python script

Hi! I have a complex search that uses macro, when running it in splunkweb it works fine, but when running it from ...

by Contributor in

Transaction and summary indexing, average duration

Hello everyone! I am currently trying to use summary indexing using the si- commands. It is working well for "simp...

by Contributor in

Using tags to search other fields

I'm trying to find a way to use tags to be used in search as such that the tag entries are cross-matched to the searc...

by Communicator in

Is there anything wrong with my saved Search?

I have identified a saved search located in savedsearches.conf, the main search in macros.conf works fine and outputs...

by Builder in

Knowledge Management

Discussions

Extract events for a specific EventCode from sourcetype=WinEventLog:Security and alias Account_Name to myAlias

How to assign/tag severity to an eventtype without using lookup tables

Eventtype Challenges

Summary Index Producing Doubled Results

summary stats functions call back changed in 5.0.*

Permanent tag

Running collect queries takes long time to move from stash to index

moving a summary index

Using report-acceleartion/summary-indexing for searches on extracted KPIs

uberAgent to collect desktop activity

Apps for Auto Assign of Event Type

eventtype definition in a search

Created search with tags but does not work for other users

info_search_time vs search_now?

Macro with eval-based definition submacro to set earliest and latest

fileds command used in summary index not showin correct data ?

Debugging a search ran from python script

Transaction and summary indexing, average duration

Using tags to search other fields

Is there anything wrong with my saved Search?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

why and when are knowledge objects saved in the us...

Ontological Indexing

Is it possible to get notified when a dashboard se...

KV Store backup/migration fail

Seeing sourcetypes in Endpoint data model

Knowledge Management

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>