Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
1,000 results
Sorted by:
05-14-2020
09:19 AM
1 Karma
I have several questions about data architecture that are rooted in CIM data models and performance considerations.
Background: We have about 2T of new log data every day. Some sourcetypes get 1...
Labels
- Labels:
-
capacity planning
-
indexer
-
Windows
01-23-2017
02:12 PM
1 Karma
...onf2014_DavidClawson_Splunk_how to actually use data models
Learn How to Design, Build and Manage Data Models
Splunk-6.4.3-SearchReference-Datamodel
I am at a loss those on how to start. I have played around with t...
02-10-2021
04:57 PM
Not sure where & how to address the below skipped job. I would appreciate any guidance Report Name Skip Reason (Skip Count) Alert Actions _ACCELERATE_DM_SA-IdentityManagement_I...
- Tags:
- skipped job
Labels
- Labels:
-
report acceleration
06-29-2017
09:13 PM
...tats sum(Megabytes) as Megabytes by user dest_nt_host |eval Megabytes=round(Megabytes,3)| sort -Megabytes| fields user dest_nt_host Megabytes|head 10
Converting into tstats
(| tstats count from data...
- Tags:
- datamodels
- es
- tstats
06-15-2020
09:38 AM
I have a data model that has grown quite large, over 7TB for Network Sessions. Its set to 3 months accelerated. I want to change it 7 days but I'm not sure it will remove the rest of the data s...
Labels
- Labels:
-
administration
-
troubleshooting
03-24-2018
06:31 PM
My Splunk architecture is having 8 Searchheads in a cluster and 40 indexers in a cluster.
If i have to accelerate the data models, i have to update datamodels.conf in all the searchheads. So, I a...
08-11-2016
04:38 AM
1 Karma
Dear Experts,
Kindly help to modify Query on Data Model, I have built the query.
| tstats summariesonly dc(All_Traffic.src) as src_count from datamodel=Network_Traffic where * by A...
- Tags:
- datamodels
02-20-2020
09:28 AM
Hello Im running splunk data model acceleration And it stopped working. It is stuck in skipping and nothing happens With “summariesonly=true” i get no results but if i set it to false i get r...
Labels
- Labels:
-
data model
-
report acceleration
01-04-2018
10:37 AM
Trying to understand the difference between Data Models and Datasets and when to use one vs. the other?
04-22-2019
08:21 AM
Hi all,
I am trying to use data models to extract a search time value from a lookup. However, the value I am using to join to the lookup table is extracted from the source. I have no other way t...
