Search

Muwafi · ‎03-17-2021

Hello Splunkers! We have a situation here and need your help and experience. We are looking for best practice to work with Large CSV files (1Million Rows at least) to produce fast searches a...

ngct2020 · ‎05-23-2020

I'm seeing the error below under messages in my Splunk enterprise console: Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...

morethanyell · ‎07-30-2019

Creating Lookup Definition (transforms stanza) can be done on Splunk Web UI. But since we need to point a kv definition to a collections.conf, we must have that stanza in collections.conf. How do w...

spyme72 · ‎06-22-2015

I am setting up permissions for kv store collections. I tried to give permission in local.meta in my app for all the collections, but still getting " Error in 'outputlookup' command: the lookup...

o_calmels · ‎10-03-2019

Hi splunkers, I need to enrich the Checkpoint Firewall logs with the username in my corporate VPN logs. On a first sourcetype, I have the name of the user with his DHCP IP address in the VPN (f...

yoho · ‎05-22-2014

...eyword splunkAddfields accum addinfo addtotals delta eval iplocation lookup multikv rangemap relevancy strcat contained syn keyword splunkExtractfields erex extract kv kvform rex spath xmlkv c...

dstaulcu · ‎05-08-2018

Has anyone figured a way to make kv-store lookups NOT case sensitive on field values? If so, how? We're about to migrate users to a new search head cluster where all large (> 20 MB) public lookup...

bbritten · ‎12-27-2018

I created a test KVStore in order to familiarize myself with the API. It has about 20 records in it, all of which are listed under the user nobody (viewable from search). However, when running |in...

manikandankasi · ‎05-14-2019

...ame "test_data_kvstore" and added data to it aswell (using python sdk). next i have defined kvlookup in splunk search head (web ui & gave global permission) then i just try to see the kvstore d...

pc1234 · ‎12-21-2017

how can i combine queries to populate a lookup table? I have a lookup table with the following values item 1 2 3 i'm using the splunk web framework to allow a user to insert an item....

Search

Search the Community

Help with CSV - Special Case

Error Message on indexer console

How do we define collections.conf in SplunkCloud?

How to provide permissions for kvstore lookups?

CheckPoint VPN - Get username with each firewall l...

VIM syntax highlighting for splunk config files

Why are the kvstore lookups uncharacteristically c...

How come when I run inputlookup myLookupTest, it's...

where splunk kv store data has been stored in splu...

How can I combine 2 searches consisting of inputlo...