Reporting

Community Activity

Data model not picking up field alias I have installed the Suricata TA on my Splunk box. I am verifying that the data is flowing into the Intrusion Detect... by responsys_cm Builder in Reporting 06-18-2019 0 4	0	4
How do i set savedsearchs limit.conf in 8 core server? hello splunker. i have about 50 savedsearchs for only 1 summary index. It starts at half an hour intervals and saev... by YUNHYEONG Explorer in Reporting 06-18-2019 0 2	0	2
Can we have datamodel acceleration for All Time? When we set the datamodel acceleration, we see the All Time option. Can we truly have data back without limit? How ca... by ddrillic Ultra Champion in Reporting 06-13-2019 0 4	0	4
Saved Searches and Passing Parameters I have a saved search which I would like to pass a "host=XXX" parameter to. Can this be done? If so, do I have to m... by tmurray3 Path Finder in Reporting 06-13-2019 4 7	4	7
C.I.M Authentication Data Model acceleration not accelerating action=success events My \|datamodel Authentication search \| search Authentication.action=success works as expected and finds thousands of e... by guarisma Contributor in Reporting 06-06-2019 0 11	0	11
How to run a scheduled report with Cron config on the first monday of each month? hello, I have scheduled a report with cron config, to run this report on the first monday of each month. My cron is... by DavidCaputo Path Finder in Reporting 06-04-2019 0 4	0	4
We have a list of servers we would like to know which are all not reporting to splunk. How to write a query for this We have a list of servers we would like to know which are all not reporting to splunk. How to write a query for this. by VijaySrrie Builder in Reporting 06-04-2019 0 1	0	1
Memory use datamodels We're seeing massive memory use (20GB+) of the Network_Traffic datamodel acceleration searches. The limits.conf defa... by mmoermans Path Finder in Reporting 06-03-2019 0 1	0	1
Why can I not embed or schedule reports after switching to Splunk Free? Hi all, I have switched to Splunk Free after the Enterpise trial expired. The option to set the embedding setting is... by colinyip New Member in Reporting 05-31-2019 0 7	0	7
How to reassign the owner of a _ScheduledView? A user has left our company and I need to reassign his ScheduledViews to another person. How can I do that? Tried ... by nls7010 Path Finder in Reporting 05-29-2019 0 1	0	1
How to disable schedules for all searches for a particular user? I'm attempting with 2 REST calls: 1 to get the list of searches, and 1 to POST is_scheduled = 0. The list curl comma... by twinspop Influencer in Reporting 05-29-2019 0 2	0	2
default.xml update without restarting splunk Is it possible to update default.xml for an application without restarting Splunk? Thanks in advanced. by DTERM Contributor in Reporting 05-23-2019 1 4	1	4
Data model calculated field with max_match Hello, i would like to create a calculated field within a data model with following expression: rex field=_raw (?.*)... by tomaszwrona Explorer in Reporting 05-23-2019 0 0	0	0
Using a service account for scheduled searches Perhaps this has been asked and answered, forgive me if that is the case (and by all means, point me in that directio... by BrianAbbott Explorer in Reporting 05-21-2019 0 2	0	2
splunk alert subject - [EXTERNAL] splunk alert failed Hi All, We used to get splunk alerts with a subject line defined as splunk alert : $name$ From 2 days onwards , Sub... by raj_mpl Path Finder in Reporting 05-17-2019 0 1	0	1
Can you disable all acceleration in data models? Splunk version 6.0.5 CANNOT set configs in "datamodels.conf" to disable acceleration of data models. Use case, some ... by ben_leung Builder in Reporting 05-16-2019 1 3	1	3
Is it possible to create a chart like this in splunk? Hi All, I am trying to do up a chart which consist of 4 different fields as well as the total for each month. Am won... by synastraa Path Finder in Reporting 05-16-2019 0 8	0	8
View saved search SPL without running the search Hi all, I have a few saved searches running on a schedule that I'm using to populate a summary index. My problem is ... by Tedesco1 Path Finder in Reporting 05-15-2019 0 3	0	3
Datamodel Acceleration: Bug, misconfiguration, or by design? Looking at a specific CIM DataModel (Authentication for example): The DataModel specifies a macro as its criteria: c... by nickhills Ultra Champion in Reporting 05-13-2019 1 6	1	6
Large Report Export in CSV, Slow Dashboard Panels using Accelerated Report reference I have a large report that returns data anywhere between 4GB-6GB in a nice tabular format. Report has everything what... by mbasharat Builder in Reporting 05-13-2019 1 7	1	7
hel p for calculating an interval in seconds between now date and a timestamp event hello I need to monitore events included in a now() date and the event creation date So I need to calculate the inte... by jip31 Motivator in Reporting 05-12-2019 0 4	0	4
How do you make a visualization for uptime and downtime in Splunk I need to create a dashboard for my team that displays a chart like this. Our server throws logs on a service ever... by rguiamoy New Member in Reporting 05-10-2019 0 3	0	3
How to get avg license per host for specific indexes I have a request to determine the average license usage per host, for a few selected indexes, on a daily basis. Is t... by a212830 Champion in Reporting 05-10-2019 0 5	0	5
How to create Dynamic Date selection to compare report results for the First day of month and last day of month Hi Everyone, I am trying to compare viewers for first day of the month and Last day of month . Here in this below rep... by puntershot New Member in Reporting 05-09-2019 0 10	0	10
combining alerts into one daily email report I want to generate one daily email showing ALL DMC alerts that have been produced in the last 12 or 24 hours, and won... by vincenp2 New Member in Reporting 05-07-2019 0 1	0	1