Splunk Enterprise

Community Activity

How to manage authorize.conf and authentication.conf in a SHC? Hello.I am running 8.2.2 on Linux. I have a SHC with three members.I have three indexes. I would like to restrict t... by Jamie Path Finder in Splunk Enterprise 07-04-2023 0 10	0	10
Splunk Light and Universal Forwarder: nullQueue not working Running a Splunk light instance with Linux/Universal Forwarders and I can't seem to filter out data. Reading up doc's... by enderless New Member in Splunk Enterprise 07-03-2023 0 12	0	12
How do I reconfigure _time field? Hey, It has been several days that I'm trying to solve the following issue. I'm sending JSON data over tcp (9997), th... by Hod152 Explorer in Splunk Enterprise 07-02-2023 0 9	0	9
Python Error After Upgrading from 8.2.2.1 to 9.0.2 Our Dev Splunk instance was recently upgraded from Splunk Enterprise 8.2.2.1 to 9.0.2.I am getting the following erro... by splunkkitty Path Finder in Splunk Enterprise 06-30-2023 0 3	0	3
Upgrade Splunk Universal forwarder version from 8.1 to 9.0 directly? Hi Team, We are now migrated to Splunk cloud platform version 9.0.x and the logs we are collecting from different log... by Gayatri Explorer in Splunk Enterprise 06-30-2023 0 2	0	2
how to add a column Hi , needed a help. i need to add a column that is added newly to the sql data.below is the query\| savedsearch ABC\| j... by Keerthi Path Finder in Splunk Enterprise 06-30-2023 0 1	0	1
multiple lines are coming as single event Hi Team,I am collecting metrics using API calls for every 5 minutes , but all the metrics are coming as a single even... by roopeshetty Path Finder in Splunk Enterprise 06-30-2023 0 1	0	1
Search help please Good morning!! I am a Beginner in Splunk, below query only tell me whether HF is DOWN or HEALTHY.++++++++++++++++++++... by surajsplunkd Explorer in Splunk Enterprise 06-29-2023 0 1	0	1
Multivalue field problem Is there any way to use without "mvexpand" IDcurr_rowcomparison_result19Turn onequal191245equal191245equal191245equal191245equal191245equal191245equal20Turn onn... by Kirthika Path Finder in Splunk Enterprise 06-29-2023 0 3	0	3
Is this how hot/warm buckets on nutanix object store and worm work? Hi I am writing the implementation document for Splunk on Nutanix. Thinking about backup for disaster recovery, data... by jariw Path Finder in Splunk Enterprise 06-29-2023 0 3	0	3
Why is Savedsearch giving only partial results? I have a saved search pushed to my splunk app. The search only gives me partial events searched (9k events ), where... by analysthok Loves-to-Learn Lots in Splunk Enterprise 06-29-2023 0 1	0	1
Custom REST Endpoints not working? We have created the custom REST endpoints and its working in Splunk server 8.1.3.But same REST end point is not worki... by silambarasu Explorer in Splunk Enterprise 06-29-2023 0 13	0	13
How to create and set up indexer? Hello, I’m trying to set up a cluster and I know that I need to have an indexer set up, however, I have no idea how t... by SamuraP Engager in Splunk Enterprise 06-28-2023 0 1	0	1
How do I set up 2 peer nodes in my environment? Hello, I'm trying to set up 2 peer nodes in my environment, however, every time I go and enable the peer node it give... by SamuraP Engager in Splunk Enterprise 06-27-2023 0 1	0	1
Why am I unable to ingest xml data into Splunk? I am tring to ingest xml file data using below inputs.conf configuration. I am unable to ingest the data. i am not ge... by sagar_shubham23 Explorer in Splunk Enterprise 06-27-2023 0 1	0	1
About Parsing on Splunk- help with props.conf and stransforms.conf? i have ingested logs on univesral forwarder by creating file under/var/log/filename .log & connected to heavy forward... by sudarshan19 New Member in Splunk Enterprise 06-27-2023 0 3	0	3
Why receiving error"This dashboard version is missing. Update the dashboard version in source" after upgrading on prem? We recently upgraded our on prem Splunks to version 9.0.0 and now any time we click on our home grown Dashboards we g... by Gregski11 Contributor in Splunk Enterprise 06-27-2023 0 11	0	11
How do I make a Custom dashboard with js? Hello everyone, I need some help with a spl request. <row><panel><title>SUIVI DES FLUX - TRANSMISSION WS</title><i... by anissabnk Path Finder in Splunk Enterprise 06-26-2023 0 1	0	1
Smartstore with S3 - how to authenticate AWS EKS v1.24+ with Splunk 9.0.* and Smartstore ? Hi,we have been running indexer pods with Smartstore on S3 for a while without problems. When upgrading to AWS EKS v1... by aroth New Member in Splunk Enterprise 06-26-2023 0 0	0	0
Tabs in Dashboard Studio- Is there a way to implement multiple tabs/pages for a single dashboard? Is there a way to implement multiple tabs/pages for a single dashboard? I have previously asked how to do this and I ... by sizemorejm Explorer in Splunk Enterprise 06-23-2023 0 0	0	0
Will my ITSI setting work- itsi_notable_event_retention.conf? does setting the following configuration in itsi_notable_event_retention.conf will send the events if limit is reache... by abhisplunk1 Explorer in Splunk Enterprise 06-23-2023 0 0	0	0
Oracle Linux 7 Glibc issue and solution Upgrading glibc package version 2.17-326.0.5.el7_9 on Oracle Linux 7 can cause crashes.Please see https://github.com... by dwest_splunk Splunk Employee in Splunk Enterprise 06-22-2023 1 0	1	0
SavedSearch API - Update my splunk report I need an API call to run a Splunk report that has already been saved and add the most recent values to the report.I... by analysthok Loves-to-Learn Lots in Splunk Enterprise 06-22-2023 0 0	0	0
How to create a search to join two query's for common values to populate results in table? "my base query 1 to Total _count_of_sucess_transactions" \| rex "URI\s*(?<URI>[^\=\n]+)""my base query 2 to track... by kc_prane Communicator in Splunk Enterprise 06-22-2023 0 3	0	3
Is it possible to have alerts and reports assigned to nobody as owner? would there ever be a scenario where its acceptable to have enabled alerts and or reports running which are not assig... by Gregski11 Contributor in Splunk Enterprise 06-22-2023 0 4	0	4