cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
claudiaG
Engager
Member since: ‎03-02-2023
‎07-19-2023
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-02-2023
Activity Feed
View All

Show panel based on choosen dropdown value

by in Dashboards & Visualizations
‎07-19-2023 06:50 AM
‎07-19-2023 06:50 AM
Hello all, I have following use case: We have a dropdown filter which reads out the values you can choose from a lookup. Now we would like to implement a simple button that is "hidden" by default but should appear once the specific value "Alaska" is selected in the dropdown filter. How can I implement this? Somehow I cant make it work. I would appreciate every help. Thank you in advance! ... View more
Labels

How to get total disk quota usage of a user OR rol...

by in Monitoring Splunk
‎05-22-2023 05:52 AM
‎05-22-2023 05:52 AM
Hello all, since we can set the setting "srchDiskQuota" for each role in the authorize.conf I would like to know if there is a way to find out how much of the provided disk size has been really used by a specific role or user?  I want to make sure to not reach the srchDiskQuota limit soon. Until now I couldnt find anything like this within the monitoring console. Thanks for a short feedback would be really appreciated. ... View more

How to configure settings for the "nobody" user an...

by in Reporting
‎05-15-2023 04:50 AM
‎05-15-2023 04:50 AM
We currently have an issue with our "nobody" user in splunk whom we assign all our scheduled reports to. we are reaching daily the disk quota limit and  a lot of searches are getting skipped. Message: "The maximum disk usage quota for this user has been reached." Now I want to increase the "srchDiskQuota" in the authorize.conf.  But having two questions: 1. Is it correct that if we want to assign anything to the "nobody" user we need to do this for [default] since the "nobody" user isnt assigned to any role? Or is the user actually part of the role "splunk-system-role"? 2. How can I find out what would be my maximum setting for the "srchDiskQuota" to not brake my system? Thanks for a short feedback. ... View more

Moving data from stash back to an index?

by in Splunk Search
‎03-02-2023 04:36 AM
‎03-02-2023 04:36 AM
Hello all, following use case: We wanted to create a backup of some json data. For this we created a new index called  "xyz_backup" and moved all data from the original index to it. By doing that the sourcetype was set to "stash" in the backup index. Now we want to move the data from the "xyz_backup" index back to the original index. But the sourcetype should be json again and also the field extraction should be back. By running following command the only thing that happens is that the sourcetype gets set to "json" but the data itself is still not in the right json format (field extractions not working etc.).: index=xyz_backup | collect index=original sourcetype=_json How can we get the data back into its original format (json)? The original data is still available and could maybe be "read-in" again by resetting the fishbucket but the bad thing is its only possible for individual files right? not for a complete folder? because we have over 100files...   Thanks in advance for your help or a quick tip. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-19-2023 10:57 AM