×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
allisonwalther
Path Finder
Member since: ‎09-04-2017
‎06-05-2020
Community Statistics
Posts 14
Solutions 2
Karma Given 4
Karma Received 3
Member Since ‎09-04-2017
Activity Feed
View All

Re: Add hyperlink to ITSI Grouped Notable Events

by Splunk Employee in Splunk ITSI
‎05-14-2018 01:49 PM
‎05-14-2018 01:49 PM
This drilldown capability has actually been available since 1.2.0 (but the UI is much prettier now than it used to be). All the drilldown options for the Notable Events Review are documented here: http://docs.splunk.com/Documentation/ITSI/3.1.0/User/CreateCorrelationSearch#Notable_Events ... View more

How do you extract drilldown from notable event an...

by in All Apps and Add-ons
‎01-24-2018 08:54 AM
‎01-24-2018 08:54 AM
It appears that the drilldown field of a notable event disappears when that event is grouped with other events. How could I retain that information? I would like my grouped notable event to display all of the drilldowns of the events that compose it. Single notable event has drilldown link: Grouped notable event does not have any information about drilldown links for individual events: ... View more

Re: Add KPI_Base_Search to ITSI through API Post

by in Getting Data In
‎01-18-2018 10:16 AM
‎01-18-2018 10:16 AM
Ooo good to know, I'll have to change my implementation a little bit. Thanks for sharing! ... View more

Re: MAX_EVENTS issue on local Splunk Enterprise ap...

by in Splunk Enterprise
‎09-05-2017 08:49 AM
‎09-05-2017 08:49 AM
I don't specify a timestamp, I just want it to use the current time of indexing as the timestamp. I guess Splunk is just assuming that's a timestamp and splitting my events there. I am also not using a delimiting character to specify when to break events, but I'll test that out and see if that fixes my problem (I think it will). Thank you! And extra info to those reading, here is my current props.conf: [events] SHOULD_LINEMERGE=true NO_BINARY_CHECK=true CHARSET=AUTO disabled=false MAX_EVENTS=10000 [matrix] SHOULD_LINEMERGE=true NO_BINARY_CHECK=true CHARSET=AUTO disabled=false MAX_EVENTS=10000 ... View more

Re: Splunk python SDK SSL error

by Splunk Employee in Splunk Dev
‎01-29-2019 07:29 PM
‎01-29-2019 07:29 PM
Thank you. This resolved the issue I was having too. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All
Karma given to