In the below screenshot, we can see that from November 6th onwards, there are three sources generated in Splunk; it shows only one "File Collector: DepTrayCaseQty." Splunk created two unnecessary oth...
To obtain the results in a dashboard I am using the following things.
1.) First I created a datamodel.
2.) I have used the datamodel in macros which run on a 1h and 1d basis.
3.) Pass those macros in s...
Hello Splunkers !! I am getting the below while executing the backfill summary index command on my Splunk machine. Can anyone suggest what the issue will be and where I need to correct it? Below c...
Hello. When I turned on Total for Statistics under Format > Summary, the output shows long digits after the decimal point: Total: 1129.3600000000001 How do I round this number to 1129 or 1130? ...
Hi All, I am trying to create a summary index that runs once a week and I want only a few fields to be populated in the summary index. Questions: 1) I want only three fields i...
...query we have 4 other panels with different field names. The task is I need to get the output of 5 panels into a summary index. Retention period to 60 days, query needs to r...
The summary index merges multiple line values into one row, while the regular index puts the values into separate lines, so when I used the stats values command on the summary index to group by ip, the m...
Hi 🙂 I'm new here and I still don't understand the difference between summary indexing and data modeling. When should I use each? Or which is the best option for optimizing searches?
Is it possible to have action.summary_index._name have multiple values? I.e. can I have a saved search write to more than one summary index?
Ex. action.summary_index._name = my_alerts,general_summary