Knowledge Management

Discussions

Thread Info

6.6.x summary indexing: Where'd it go? Where'd the indexes go?

In the re-write of the searches and reports interface, they've moved summary indexing to its own menu item under Edit...

by Influencer in

Missing fields after collect command is ran on a search

Hello, I have the following search query which retrieves the metadata for all the splunk search queries ran in the la...

by Explorer in

What is correct way to set-up Stream Forwarders with an Index Cluster?

In the process of trying to get Splunk App for Stream up and running in a distributed deployment using an index clust...

by Communicator in

Ingestion of Data in Summary Index

Hi, I wonder whether someone may be able to help me please. I've created a Summary Index and populated it with the...

by Motivator in

database conditional input

I have an oracle database connection that I need to run a select and look for records and then check whether or not e...

by Loves-to-Learn Lots in

Why are Event Type tags not being applied to matching events?

I have a very straightforward Event Type: index="windows" sourcetype="WinHostMon" source="service". I want it to appl...

by Builder in

join on billions of records

My dataset that I need to join on is about half a billion. Since a subsearch is slow what is the alternative to using...

by New Member in

With token values obtained from 1st dashboard on this Splunk instance, open 2nd dashboard on another Splunk instance that displays related to the token values

Hi Splunk community Is it possible to click on a row in a table, set tokens to the clicked values on a dashboard b...

by Path Finder in

What has changed in Splunk 7 regarding search modes?

I have a search that seems to work in any mode (fast, smart, verbose) on 6.6.2, but only works in smart or verbose mo...

by Explorer in

How does the CIM Data Model Acceleration Earliest Time vs Summary Range differ from each other?

Having trouble wrapping my head around the various "times" associated with data model acceleration. In the CIM setup,...

by Path Finder in

Summary Index Usage tutorial

Does anyone know of a good tutorial for using the summary index. I have a number of daily stats that I would like to ...

by Path Finder in

How frequently should bundles be pushed out?

Hi, I noticed that our bundles are getting warning errors, and then I realized that they are getting pushed out ev...

by Champion in

Using a field value to reference a lookup column

Hi Is there any way I can use a field value to reference a column in a lookup In my events I have a field call...

by Explorer in

I have around 10 to 15 panels in a dashboards. please help in creating summary index

please help me in creating summary index for the 15 panels. All the datas comes from two indexes which is not saved a...

by Builder in

Summary Index for non-stats data?

I'm trying to create searches that can parse through a large set of events to return daily reports. Essentially count...

by Builder in

Are there any negative impacts to enabling this feature: loggrabber --no-resolve argument to turn object name resolution off?

Check point related: are there any negative impacts to enabling this feature: loggrabber --no-resolve argument to tur...

by New Member in

What are the best practices around the Splunk Init file?

All, So I set my ulimits, agree to licensing and kill THP with my Splunk init script. Any other best practices, r...

by Builder in

Search Factor Question - In regards to search speed what is the efficacy of increasing the SF by N?

I'm currently not using indexer clustering. I'm on all flash storage and I'm looking into increasing the speed of som...

by Path Finder in

Why is an internal error occurring while saving the glass table?

Can you please help? While saving the glass table, a pop box appears which contain " An internal error occurred De...

by Loves-to-Learn Lots in

what is the difference between addinfo and search?

Could anyone please provide the difference between addinfo and search Please

by Motivator in

we need to build new OS of our Splunk servers from 2008 to 2016,

we need to build new OS of our Splunk servers from 2008 to 2016, currently we have using Splunk enterprise 6.2 versio...

by Path Finder in

Splunk Forwarder Data Verification

I installed Splunk Forwarder on CentOS 7.4 using the following steps: wget http://xxxxr/Splunk/splunkforwarder-6.6...

by Explorer in

How to use calculated fields created using Splunk Web in search?

Hi I created a calculated field called "SUCCESS" using Splunk Web on sourcetype. The calculated field eval condition ...

by Explorer in

Rule to detect 'windows audit log cleared'

here is the start of my search but having issues figuring out the best way to capture the information i need. | ts...

by Path Finder in

Optimize usage of server resources

I have Splunk running on a Windows Server 2016 blade with 20 cores and 384GB of RAM. It never uses more than 15% CPU ...

by Path Finder in

Get Updates on the Splunk Community!

Knowledge Management

Discussions

6.6.x summary indexing: Where'd it go? Where'd the indexes go?

Missing fields after collect command is ran on a search

What is correct way to set-up Stream Forwarders with an Index Cluster?

Ingestion of Data in Summary Index

database conditional input

Why are Event Type tags not being applied to matching events?

join on billions of records

With token values obtained from 1st dashboard on this Splunk instance, open 2nd dashboard on another Splunk instance that displays related to the token values

What has changed in Splunk 7 regarding search modes?

How does the CIM Data Model Acceleration Earliest Time vs Summary Range differ from each other?

Summary Index Usage tutorial

How frequently should bundles be pushed out?

Using a field value to reference a lookup column

I have around 10 to 15 panels in a dashboards. please help in creating summary index

Summary Index for non-stats data?

Are there any negative impacts to enabling this feature: loggrabber --no-resolve argument to turn object name resolution off?

What are the best practices around the Splunk Init file?

Search Factor Question - In regards to search speed what is the efficacy of increasing the SF by N?

Why is an internal error occurring while saving the glass table?

what is the difference between addinfo and search?

we need to build new OS of our Splunk servers from 2008 to 2016,

Splunk Forwarder Data Verification

How to use calculated fields created using Splunk Web in search?

Rule to detect 'windows audit log cleared'

Optimize usage of server resources

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Enterprise Security Content Update (ESCU) | New Releases

New Splunk TcpOutput persistent queue

Solutions: "Splunk could not get the description f...

Restore Datasets in a Data Model from an App

After upgrade to 9.1.x and above overall increased...

Routing events on UF for sourcetypes with INDEXED_...

Knowledge Management

Are you a member of the Splunk Community?

Discussions