Splunk Community

Find answers, ask questions, and connect with our community of consumers and specialists.

121K Members 49.3K Online 157K Posts

Modernize your security operations with the SANS report, Rethinking Detection Engineering, which offers a practical, threat-informed roadmap. By leveraging Detection-as-Code and MITRE ATT&CK, your team can transition to a proactive, risk-based alerting model that reduces overhead.

Additional Help & Resources

Getting Started

Learn more about the Splunk Community and how we can help

Community Blog

Community happenings, product announcements, and Splunk news

Learning Paths

Discover Community and Learning Resources for your Role

User Groups

Meet up with other Splunk practitioners, virtually or in-person

Office Hours

Webinar-style deep dives and workshops for hands-on guidance

Community Activity
SplunkIsFun
Hi Community, We have the "Splunk Add-on for Microsoft Office 365" installed. We've created "Inputs" for "Audit.Azure...
by SplunkIsFun Engager in All Apps and Add-ons 2 hours ago
1 1
Tapas_Acharya
Hi Community, Can someone help us with my below queries related to these ports for ABAP agent & SDK agent set up confi...
by Tapas_Acharya Loves-to-Learn Lots in Splunk AppDynamics 3 hours ago
0 0
msmadhu
Hi, is there any way to decrypt or retrieve the clear‑text password for an identity stored in Splunk DB Connect? We are ...
by msmadhu Path Finder in All Apps and Add-ons 4 hours ago
0 2
BlueSocket
I have been trying to get the Splunk Remote Upgrader for Linux Universal Forwarders 1.0.3 app to work and upgrade our...
by BlueSocket Contributor in All Apps and Add-ons 5 hours ago
0 3
LovingSplunk
We are planning to decommission our Cribl environment and migrate all data ingestion directly back to Splunk. I am lo...
by LovingSplunk Path Finder in Deployment Architecture 5 hours ago
0 3
akai
Hello, I have a requirement where I need to have the name of the current running saved search available to itself. And...
by akai Explorer in Splunk Enterprise yesterday
0 0
BluFalcon
I was wondering if anyone has successfully onboarded KnowBe4 data? I don't see a TA or App on Splunkbase.
by BluFalcon Engager in Getting Data In yesterday
0 8
mike_k
I am in the process of pulling together a design for a new Splunk deployment. The deployment will be on the small side...
by mike_k Path Finder in Splunk Enterprise yesterday
0 5
apiprek2
Hi, I'm having some issues configuring this add-on.  I installed the add-on v0.0.0+9fa6d17 on a Splunk Enterprise 10....
by apiprek2 Explorer in All Apps and Add-ons yesterday
0 2
luispulido
Hi everyone, I'm currently experiencing an intermittent issue with the CrowdStrike Falcon Event Streams Technical Add-...
by luispulido Explorer in All Apps and Add-ons yesterday
0 2
varungupta
Introducing the Self-Healing Pipeline: AI Powered CIM Compliance  Maintaining data integrity within your security and...
by varungupta Splunk Employee in Product News & Announcements yesterday
0 0
Mt4real
Hello everyone, I am using Splunk Developer Edition. I did contents mapping for the first time in Splunk Security E...
by Mt4real New Member in Share a Tip yesterday
0 3
Ish42
New to splunk... I am installing it on an ISOLATED and OFFLINE Network, as such I cannot go to help.splunk.com to loo...
by Ish42 Engager in Splunk Enterprise yesterday
1 3
fabrizioalleva
Hi all, I'm trying to execute a script in a scheduled Alerts, when results of a search are greater than 0. I've created...
by fabrizioalleva Path Finder in Splunk Enterprise yesterday
0 2
Elina
Hello, I was wondering if there is a way to import/export response plans and investigations in splunk8.x, my goal is to...
by Elina New Member in Splunk Dev yesterday
0 2
livehybrid
Good afternoon! This week we upgraded a Splunk deployment from 9.4.x to 10.0.3, and whilst everything seemingly went ...
by livehybrid SplunkTrust in Splunk Enterprise yesterday
32 21
dsgoody
Hi all, We use the MS Windows AD Objects here. It generates lookup tables of AD users and groups that are used in a lo...
by dsgoody Engager in All Apps and Add-ons yesterday
0 1
Wohamed_wakkad
According to Splunk Validated architecture of designing HA between 2 syslog server  the documentation says this -->  ...
by Wohamed_wakkad Loves-to-Learn in Deployment Architecture yesterday
0 5
spoonmaniac
Hello there, I have an issue with the internal index of my indexers (_audit, _introspection, _metrics) because, for an...
by spoonmaniac Engager in Splunk Enterprise yesterday
0 8
gnagasri
Sample events - working in regex101: https://regex101.com/r/LuC6ZQ/1 | rex field=_raw "nsssvcip\=(?<host>\d+\.\d+\.\d...
by gnagasri Engager in Getting Data In Sunday
0 4
Glasses2
Hello, I am scoping out a cloud migration from a distributed on-prem Splunk Enterprise deployment to a Hybrid Splunk ...
by Glasses2 Communicator in Splunk Cloud Platform Sunday
0 7
wp-uk-36
Hi, From time to time I make typos in field names in my Splunk SPL searches and very rightly Splunk returns nothing in...
by wp-uk-36 Explorer in Splunk Search Saturday
1 6
0xAli
Hi Everyone, We have integrated Crowdstrike falcon with splunk and we retrieved the IOC in index=cs_ioc. Using the belo...
by 0xAli Explorer in Splunk Enterprise Security Saturday
0 3
sgabriel62
I have been given the task to insert or attempt to insert Event Logs from Applications and Service Logs. I'm assuming ...
by sgabriel62 Engager in Splunk Enterprise Saturday
0 2
aqtran01
I'm currently running Splunk Cloud, Splunk Enterprise version:10.1.2507.21, in Victoria experience. I installed the Pr...
by aqtran01 New Member in All Apps and Add-ons Friday
0 1
Splunk Learning

Splunk has training and education options for everyone, whether it's your first or fiftieth deployment.

Get Started

Top Solution Authors
Announcements
Register for Upcoming Live Tech Talks! Security, Observability, Platform and App Developer Editions are held every month.

How digitally resilient are you? Take a quick Digital Resilience Assessment to find out if you're prepared for disruption!
Upcoming events
Quick Peak, Big Impact - Splunk Dashboarding in 2025. London (GB) Dec 16, 2025 @ 11:00 AM 15 attending
Splunk Enterprise Security 8 - Give me a "Response" or give me life Washington, DC, DC (US) Dec 16, 2025 @ 17:30 PM 20 attending
Sixth Splunk User Group Meeting in Poland Warsaw, Masovian Voivodeship (PL) Dec 17, 2025 @ 16:00 PM 39 attending
AI can exSPLain - Rome Rome, Lazio (IT) Dec 18, 2025 @ 09:00 AM 21 attending

Meet the SplunkTrust

"Being a member of SplunkTrust as well as a User Group Leader enriches my knowledge of Splunk greatly. I am exposed to and learn so much about Splunk that I can be on top of any new features well ahead of the game." - Becky Burwell

The SplunkTrust is comprised of our most dedicated community members. They assist other members, participate in events, demonstrate the power of Splunk's products, and help guide future roadmaps.

Learn more
Latest Blog Activity

Introducing the AI-Powered Self-Healing Pipeline for CIM Compliance Alpha Program

Introducing the Self-Healing Pipeline: AI Powered CIM Compliance  Maintaining data integrity within your security and analytics pipelines is a constant challenge. As data sources evolve, field ...
0 Karma
1 Replies
381 Views

New: Search and Personalization just got a major upgrade!

Hello Splunkers,  We’re excited to share two big upgrades coming to community.splunk.com today. These changes are all about making the community experience faster, more relevant, and uniquely yours.  ...
on Community Blog Thursday
1 Karma
1 Replies
152 Views

Tech Talk | AI-Powered Data Management

Now On-Demand. Join our Splunk experts for an exclusive Tech Talk as we explore the Cisco Data Fabric architecture and introduce our latest AI-powered data management capabilities designed to turn ...
on Splunk Tech Talks Thursday
0 Karma
3 Replies
817 Views

GA: Detection Studio and Exposure Analytics in Enterprise Security (ES) 8.5

In this latest release of Enterprise Security (ES), we are excited to announce that  Detection Studio and Exposure Analytics are now generally available (GA) for both ES Essential and ES Premier ...
0 Karma
1 Replies
1109 Views
