Splunk Community
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.

Find answers, ask questions, and connect with our community of consumers and specialists.

121K Members 55.1K Online 157K Posts

Modernize your security operations with the SANS report, Rethinking Detection Engineering, which offers a practical, threat-informed roadmap. By leveraging Detection-as-Code and MITRE ATT&CK, your team can transition to a proactive, risk-based alerting model that reduces overhead.

Additional Help & Resources

Getting Started

Learn more about the Splunk Community and how we can help

Community Blog

Community happenings, product announcements, and Splunk news

Learning Paths

Discover Community and Learning Resources for your Role

User Groups

Meet up with other Splunk practitioners, virtually or in-person

Office Hours

Webinar-style deep dives and workshops for hands-on guidance

Community Activity
andrew_lander

SPLUNK UF on WIN7 32 bit System

Hi, I'm attempting to install the latest SPLUNK UF on a WIN7 32bit system, which cant be upgraded. Every time I try t...
by andrew_lander New Member in Splunk Enterprise 37m ago
0 2
0
2
anissabnk

extract time with sc4s

Hello, I hope you are well. I’m having some issues with log parsing on the rsyslog side.Let me explain: I’m working w...
by anissabnk Path Finder in Splunk Enterprise an hour ago
0 4
0
4
Pooja1

SSL vulnerabilities

Hi Splunk, Could you please help me to resolve the below mentioned vulnerability.SynopsisThe remote service encrypts ...
by Pooja1 Loves-to-Learn Everything in Splunk Enterprise 2 hours ago
0 7
0
7
artkhod

SPL2 searches acceleration

Hi,I haven't seen the acceleration mentioned anywhere in regards to SPL2.I have saved a sample search as a report for...
by artkhod New Member in Splunk Search 2 hours ago
0 0
0
0
Sherminator

Test Triggering Events in Splunk Enterprise

Hello, We have a large number of dashboards and queries in our Splunk instance, and some of those are meant for monit...
by Sherminator New Member in Splunk Enterprise Security 3 hours ago
0 3
0
3
fatsug

Issue making value lowercase through eval in props.conf and or transforms.conf

Trying to make som CIM compliant aliases as well as making the values standard format for compliance with another CIM...
by fatsug Builder in All Apps and Add-ons 5 hours ago
0 7
0
7
zapping575

INDEXED_EXTRACTIONS, Universal Forwarder & Splunk Cloud

One of my sourcetypes is a CSV file (with CSV header)I was using this sourcetype stanza in props.conf:[foo_bar] INDEX...
by zapping575 Communicator in Getting Data In yesterday
0 1
0
1
aqtran01

Proofpoint TAP SIEM Modular Input Issue

I'm currently running Splunk Cloud, Splunk Enterprise version:10.1.2507.21, in Victoria experience.I installed the Pr...
by aqtran01 New Member in All Apps and Add-ons yesterday
0 2
0
2
BlueSocket

Why does the Splunk Upgrader for Linux 1.0.3 assume that the Splunk user is root if there is a System Unit file?

I have been trying to get the Splunk Remote Upgrader for Linux Universal Forwarders 1.0.3 app to work and upgrade our...
by BlueSocket Contributor in All Apps and Add-ons yesterday
0 5
0
5
Jaryed

JSON: Dashboard Tokens no longer being accepted in certain fields?

Im not sure if there was an update to our system recently, but a behavior change has left me stumped as to what to do...
by Jaryed New Member in Dashboards & Visualizations yesterday
0 1
0
1
Kamachi

Splunk TA for O365 – Message Trace input fails with repeated HTTP 500

Hi there,We’re seeing consistent ingestion failures with the Message Trace (MT) input in the Splunk Add-on for Micros...
by Kamachi Explorer in All Apps and Add-ons yesterday
0 3
0
3
Elina

Exporting and Importing response plans

Hello,I was wondering if there is a way to import/export response plans and investigations in splunk8.x,my goal is to...
by Elina Engager in Splunk Dev yesterday
0 3
0
3
SplunkIsFun

How to load Teams Azure Audit log events into Splunk - Not just the Teams Calling data

Hi Community,We have the "Splunk Add-on for Microsoft Office 365" installed.  We've created "Inputs" for "Audit.Azure...
by SplunkIsFun Engager in All Apps and Add-ons Tuesday
1 1
1
1
Tapas_Acharya

SAP Application ABAP Agent & SDK Agent Port connectivity Details

Hi Community,Can someone help us with my below queries related to these ports for ABAP agent & SDK agent set up confi...
by Tapas_Acharya Loves-to-Learn Lots in Splunk AppDynamics Tuesday
0 0
0
0
msmadhu

DBconnect 4.2.1 Unable to decrypt password

HiIs there any way to decrypt or retrieve the clear‑text password for an identity stored in Splunk DB Connect?We are ...
by msmadhu Path Finder in All Apps and Add-ons Tuesday
0 2
0
2
LovingSplunk

How can I move Cribl ingestion to Splunk safely?

We are planning to decommission our Cribl environment and migrate all data ingestion directly back to Splunk. I am lo...
by LovingSplunk Path Finder in Deployment Architecture Tuesday
0 3
0
3
akai

Metadata token inside macro

Hello,I have a requirement where I need to have the name of the current running saved search available to itself. And...
by akai Explorer in Splunk Enterprise Monday
0 0
0
0
BluFalcon

Splunk KnowBe4 Integration

I was wondering if any one has successfully onboard KnowBe4 data? I don't see a TA or App on Splunkbase.
by BluFalcon Engager in Getting Data In Monday
0 8
0
8
mike_k

Best practice for archiving frozen data

I am in the process of pulling together a design for a new Splunk deployment.The deployment will be on the small side...
by mike_k Path Finder in Splunk Enterprise Monday
0 5
0
5
apiprek2

Border Add-on for OutSystems Logs - configuration issues (app 8334)

Hi, I'm having some issues configuring this add-on.  I installed the add-on v0.0.0+9fa6d17 on a Splunk Enterprise 10....
by apiprek2 Explorer in All Apps and Add-ons Monday
0 2
0
2
luispulido

Intermittent CrowdStrike Falcon Event Streams

Hi everyone,I'm currently experiencing an intermittent issue with the CrowdStrike Falcon Event Streams Technical Add-...
by luispulido Explorer in All Apps and Add-ons Monday
0 2
0
2
varungupta

Introducing the AI-Powered Self-Healing Pipeline for CIM Compliance Alpha Program

Introducing the Self-Healing Pipeline: AI Powered CIM Compliance  Maintaining data integrity within your security and...
by varungupta Splunk Employee Splunk Employee in Product News & Announcements Monday
0 0
0
0
Mt4real

Error Forbidden in Splunk Security Essentails Baseline Search

Hello everyone, I am using Splunk Developer Edition . I did  contents mapping for the first time in Splunk Security E...
by Mt4real New Member in Share a Tip Monday
0 3
0
3
Ish42

Offline Documentation?

New to splunk... I am installing it on an ISOLATED and OFFLINE Network, as such I cannot go to help.splunk.com to loo...
by Ish42 Engager in Splunk Enterprise Monday
1 3
1
3
fabrizioalleva

Passing search results to a python script in alert_actions

Hi all,I'm trying to execute a script in a scheduled Alerts, when results of a search are greater than 0.I've created...
by fabrizioalleva Path Finder in Splunk Enterprise Monday
0 2
0
2
View More Posts
Splunk Learning

Splunk has training and education options for everyone, whether it's your first or fiftieth deployment.

Get Started

Top Solution Authors
View All
Announcements
Register for Upcoming Live Tech Talks! Security, Observability, Platform and App Developer Editions are held every month.

How digitally resilient are you? Take a quick Digital Resilience Assessment to find out if you're prepared for disruption!
Upcoming events
View More
Quick Peak, Big Impact - Splunk Dashboarding in 2025. London (GB) Dec 16, 2025 @ 11:00 AM 15 attending
Splunk Enterprise Security 8 - Give me a "Response" or give me life Washington, DC, DC (US) Dec 16, 2025 @ 17:30 PM 20 attending
Szóste spotkanie Splunk User Group w Polsce Warsaw, Masovian Voivodeship (PL) Dec 17, 2025 @ 16:00 PM 39 attending
AI can exSPLain - Rome Rome, Lazio (IT) Dec 18, 2025 @ 09:00 AM 21 attending
Quick Peak, Big Impact - Splunk Dashboarding in 2025. London (GB) Dec 16, 2025 @ 11:00 AM 15 attending
View More

Meet the SplunkTrust

"Being a member of SplunkTrust as well as a User Group Leader enriches my knowledge of Splunk greatly. I am exposed to and learn so much about Splunk that I can be on top of any new features well ahead of the game." - Becky Burwell

The SplunkTrust is comprised of our most dedicated community members. They assist other members, participate in events, demonstrate the power of Splunk's products, and help guide future roadmaps.

Learn more
Top Solution Authors
View All
Latest Blog Activity

Introducing the AI-Powered Self-Healing Pipeline for CIM Compliance Alpha Program

Introducing the Self-Healing Pipeline: AI Powered CIM Compliance  Maintaining data integrity within your security and analytics pipelines is a constant challenge. As data sources evolve, field ...
varungupta
on Product News & Announcements Monday
0 Karma
1 Replies
775 Views

New: Search and Personalization just got a major upgrade!

Hello Splunkers,  We’re excited to share two big upgrades coming to community.splunk.com today. These changes are all about making the community experience faster, more relevant, and uniquely yours.  ...
iamryan
on Community Blog Thursday
1 Karma
1 Replies
183 Views

Tech Talk | AI-Powered Data Management

  Now On-Demand   Join our Splunk experts for an exclusive Tech Talk as we explore the Cisco Data Fabric architecture and introduce our latest AI-powered data management capabilities designed to turn ...
LesediK
on Splunk Tech Talks Thursday
0 Karma
3 Replies
849 Views

GA: Detection Studio and Exposure Analytics in Enterprise Security (ES) 8.5

In this latest release of Enterprise Security (ES), we are excited to announce that  Detection Studio and Exposure Analytics are now generally available (GA) for both ES Essential and ES Premier ...
OliviaHenderson
on Product News & Announcements a week ago
0 Karma
1 Replies
1151 Views

Additional Help & Resources