Splunk Community

Find answers, ask questions, and connect with our community of consumers and specialists.

121K Members 2,064 Online 157K Posts

Modernize your security operations with the SANS report, Rethinking Detection Engineering, which offers a practical, threat-informed roadmap. By leveraging Detection-as-Code and MITRE ATT&CK, your team can transition to a proactive, risk-based alerting model that reduces overhead.

Additional Help & Resources

Getting Started

Learn more about the Splunk Community and how we can help

Community Blog

Community happenings, product announcements, and Splunk news

Learning Paths

Discover Community and Learning Resources for your Role

User Groups

Meet up with other Splunk practitioners, virtually or in-person

Office Hours

Webinar-style deep dives and workshops for hands-on guidance

Community Activity
wp-uk-36
Hi, From time to time I make typos in field names in my Splunk SPL searches and very rightly Splunk returns nothing in...
by wp-uk-36 Explorer in Splunk Search 17m ago
1 6
0xAli
Hi Everyone, We have integrated Crowdstrike falcon with splunk and we retrieved the IOC in index=cs_ioc. Using the belo...
by 0xAli Explorer in Splunk Enterprise Security 3 hours ago
0 3
mike_k
I am in the process of pulling together a design for a new Splunk deployment. The deployment will be on the small side...
by mike_k Path Finder in Splunk Enterprise 17 hours ago
0 4
Wohamed_wakkad
According to Splunk Validated architecture of designing HA between 2 syslog server the documentation says this --> ...
by Wohamed_wakkad Loves-to-Learn in Deployment Architecture 17 hours ago
0 4
sgabriel62
I have been given the task to insert or attempt to insert Event Logs from Applications and Service Logs. I'm assuming ...
by sgabriel62 New Member in Splunk Enterprise 17 hours ago
0 2
spoonmaniac
Hello there, I have an issue with the internal index of my indexers (_audit, _introspection, _metrics) because, for an...
by spoonmaniac Observer in Splunk Enterprise 17 hours ago
0 5
aqtran01
I'm currently running Splunk Cloud, Splunk Enterprise version:10.1.2507.21, in Victoria experience. I installed the Pr...
by aqtran01 New Member in All Apps and Add-ons yesterday
0 1
loriexi
[Register Coming Soon] This thread is for the EMEA Community Office Hours session on Enterprise Security Essentials...
by loriexi Splunk Employee in Community Office Hours yesterday
0 0
apiprek2
Hi, I'm having some issues configuring this add-on.  I installed the add-on v0.0.0+9fa6d17 on a Splunk Enterprise 10....
by apiprek2 Explorer in All Apps and Add-ons yesterday
0 1
Rafaelled
Good Afternoon, I have been at war with the estreamer app for 2 weeks and I can not get this to work. Below is the cur...
by Rafaelled Explorer in Getting Data In yesterday
1 1
fabrizioalleva
Hi all, I'm trying to execute a script in a scheduled Alerts, when results of a search are greater than 0. I've created...
by fabrizioalleva Path Finder in Splunk Enterprise yesterday
0 0
SplunkExplorer
Hi Splunkers, I'm curious about a sizing issue: deciding the number of Indexers. I've addressed this topic many times,...
by SplunkExplorer Contributor in Splunk Enterprise yesterday
1 9
NullZero
IHAC that has a distributed DS/LM/MC in a DMZ environment (see image). It's a new RHEL build on 10.2.2 and clients ha...
by NullZero Path Finder in Deployment Architecture yesterday
0 2
jordanmorgan
Unexpected status for to fetch REST endpoint uri=https://127.0.0.1:8089/services/storage/investigation/investigation?...
by jordanmorgan Observer in Splunk Enterprise Security yesterday
0 1
becksyboy1
Hi All, Has anyone tried to ingest Claude OpenTelemetry logs into Splunk? I'd be interested in understanding what appr...
by becksyboy1 Engager in Getting Data In yesterday
0 4
SplunkCommunity
Overview The Splunk Community home page features a Personalized Activity Feed toggle. While this feature is visible b...
by Community Manager Community Manager in Welcome Center Thursday
0 0
iamryan
Hello Splunkers,  We’re excited to share two big upgrades coming to community.splunk.com today. These changes are all...
by Community Manager Community Manager in Community Blog Thursday
1 0
cipher
Hi all, I’ve been using the Splunk API to fetch alert data via /search/jobs/{sid}/results. For authentication, I’m usi...
by cipher Explorer in Splunk Cloud Platform Thursday
0 4
LesediK
  Now On-Demand   Join our Splunk experts for an exclusive Tech Talk as we explore the Cisco Data Fabric architecture...
by LesediK Splunk Employee in Splunk Tech Talks Thursday
0 2
Ish42
New to splunk... I am installing it on an ISOLATED and OFFLINE Network, as such I cannot go to help.splunk.com to loo...
by Ish42 New Member in Splunk Enterprise Thursday
0 2
harris
help me resolve i am done with updating drivers and all random stuff please me resolve this query
by harris New Member in All Apps and Add-ons Thursday
0 2
Glasses2
Hello, I am scoping out a cloud migration from a distributed on-prem Splunk Enterprise deployment to a Hybrid Splunk ...
by Glasses2 Communicator in Splunk Cloud Platform Thursday
0 6
gnagasri
Sample events - working in regex101 : https://regex101.com/r/LuC6ZQ/1 | rex field=_raw "nsssvcip\=(?<host>\d+\.\d+\.\d...
by gnagasri Loves-to-Learn in Getting Data In Thursday
0 3
mangelastro
Hi, our organization is upgrading to Splunk Cloud 10 and the Hurricane Labs Confluence Cloud Audit Log Ingestor only wo...
by mangelastro Observer in Splunk Cloud Platform Thursday
0 5
tomapatan
I’ve created a custom Splunk app (TA-custom_scripts) that contains JavaScript and CSS files located at: etc/apps/TA-cu...
by tomapatan Contributor in Splunk Dev Thursday
0 6
Splunk Learning

Splunk has training and education options for everyone, whether it's your first or fiftieth deployment.

Get Started

Top Solution Authors
Announcements
Register for Upcoming Live Tech Talks! Security, Observability, Platform and App Developer Editions are held every month.

How digitally resilient are you? Take a quick Digital Resilience Assessment to find out if you're prepared for disruption!
Upcoming events
View More
Quick Peak, Big Impact - Splunk Dashboarding in 2025. London (GB) Dec 16, 2025 @ 11:00 AM 15 attending
Splunk Enterprise Security 8 - Give me a "Response" or give me life Washington, DC, DC (US) Dec 16, 2025 @ 17:30 PM 20 attending
Sixth Splunk User Group meeting in Poland Warsaw, Masovian Voivodeship (PL) Dec 17, 2025 @ 16:00 PM 39 attending
AI can exSPLain - Rome Rome, Lazio (IT) Dec 18, 2025 @ 09:00 AM 21 attending

Meet the SplunkTrust

"Being a member of SplunkTrust as well as a User Group Leader enriches my knowledge of Splunk greatly. I am exposed to and learn so much about Splunk that I can be on top of any new features well ahead of the game." - Becky Burwell

The SplunkTrust is comprised of our most dedicated community members. They assist other members, participate in events, demonstrate the power of Splunk's products, and help guide future roadmaps.

Learn more
Latest Blog Activity

New: Search and Personalization just got a major upgrade!

Hello Splunkers,  We’re excited to share two big upgrades coming to community.splunk.com today. These changes are all about making the community experience faster, more relevant, and uniquely yours.  ...
on Community Blog Thursday
1 Karma
1 Replies
96 Views

Tech Talk | AI-Powered Data Management

  Now On-Demand   Join our Splunk experts for an exclusive Tech Talk as we explore the Cisco Data Fabric architecture and introduce our latest AI-powered data management capabilities designed to turn ...
on Splunk Tech Talks Thursday
0 Karma
3 Replies
763 Views

GA: Detection Studio and Exposure Analytics in Enterprise Security (ES) 8.5

In this latest release of Enterprise Security (ES), we are excited to announce that  Detection Studio and Exposure Analytics are now generally available (GA) for both ES Essential and ES Premier ...
0 Karma
1 Replies
700 Views

Boost Customer Experience with Splunk Real User Monitoring

How Splunk Real User Monitoring Helps You Find and Fix Front-End Issues Faster Your front-end is where customer experience lives or dies and traditional monitoring tools aren't built for today's ...
on Community Blog Wednesday
0 Karma
1 Replies
91 Views
