×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
BTrust
Path Finder
Member since: ‎07-02-2024
‎10-07-2025
Community Statistics
Posts 22
Solutions 1
Karma Given 8
Karma Received 1
Member Since ‎07-02-2024
Activity Feed
View All

Re: How do I find internal and external ip address...

by in Splunk Search
a month ago
a month ago
FYI, it's on official Splunkbase now: https://splunkbase.splunk.com/app/8107 ... View more

Re: merging local into default using git

by in Splunk Search
‎04-04-2025 11:09 AM
‎04-04-2025 11:09 AM
Thanks @isoutamo , This was a great and useful input, most appreciated👍 ... View more

Re: Change index name of metrics data

by in Getting Data In
‎02-25-2025 01:05 PM
‎02-25-2025 01:05 PM
Hi @richgalloway As I’ve tried to explain right from the beginning, It has been metric date all the time, why the default defined (event) index name had to be changed to a metric index name, which now works as a charm on the HF, so it was all durable and works perfectly. Thanks for all your input- they helped me to focus on the details here👍😊 All the best ... View more

Re: How to split large combi JSON array into indiv...

by SplunkTrust in Getting Data In
‎09-28-2024 10:54 AM
‎09-28-2024 10:54 AM
You're thinking in wrong order. That's why I'm saying it's not possible with Splunk alone. If you don't know this one, it's one of the mainstays of understanding of Splunk indexing process- https://community.splunk.com/t5/Getting-Data-In/Diagrams-of-how-indexing-works-in-the-Splunk-platform-the-Masa/m-p/590774 As you can see, line breaking is one of the absolute first things happening with the input stream. You can't "backtrack" your way within the ingestion pipeline to do SEDCMD before line breaking. And, as I wrote already, it's really a very bad idea to tackle structured data with regexes. ... View more

Re: Sourcetype is visible, but not searchable afte...

by SplunkTrust in Getting Data In
‎07-11-2024 05:58 AM
‎07-11-2024 05:58 AM
Glad you figured it out!!! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-07-2025 01:03 PM
Karma from
View All