Hello, 1) What is the difference between using "| summaryindex" and "| collect"? Thank you for your help. Summaryindex is generated by a scheduled report. I clicked "view recent" and the f...
...t is sending events to Splunk. Every log shows a time difference. The difference between _time and the time shown is always 1 hour, for every event on every log source. I searched here on community and...
Hi 🙂 I'm new here and I still don't understand the difference between summary indexing and data modeling. When should I use each? Or which is the best option for optimizing searches?
Hello, is editing ES roles on the Permissions page the same as editing ES roles in Splunk's native edit role page? I guess they both point to ES authorize.conf but native's one can work with custom ro...
Hi
Even though I have read some documentation, I have difficulty understanding the difference between macro and eventtype
I use macro essentially for index + sourcetype aggregation but is somebody c...
Could someone please show the difference between nomv and mvcombine with some examples? What I have seen is that both work exactly the same way and delim parameter in mvcombine doesn't work as e...
Hello, I'm just having a bit of difficulty differentiating between Splunk Enterprise, ITSI, SOAR, UBA, and Enterprise Security. It seems like they all do similar things. Do they a...
What is the difference between the NOT operator and the != operator?
I have always used NOT up to this point, but am seeing some very strange behavior associated with it today* and != s...