Community Blog
Get the latest updates on the Splunk Community, including member experiences, product education, events, and more!

ITWhisperer
SplunkTrust

The overall aim of this puzzle is to convert XML events to fixed-length events, and it has been split into multiple parts. The first part was about preparing the field template by dereferencing the field names, so that their positions could be compared. The second part was about using nested loops to process each sequence segment against all the other sequences, until the whole sequence is determined. This third part is about determining how wide each field should be (just wide enough to hold the widest value) and formatting the data with the correct justification (numerics are right-justified and space-filled; non-numerics are left-justified).

KayeChapman
Splunk Employee

This month, we’re excited to share powerful new resources that will transform how you manage security operations across hybrid environments. From implementing money-saving Federated Search capabilities for Amazon S3 to monitoring Google Cloud SQL or integrating with the Australian Signals Directorate's CTIS platform, we're bringing you guidance straight from expert Splunkers that addresses the most pressing challenges facing security teams today. On top of that, we've got lots more use cases, industry-specific guidance and best-practice tips to help you close out 2025 strong. Read on to find out more. 

CaitlinHalla
Splunk Employee

Transform natural language descriptions into production-ready Terraform code in minutes using Splunk Observability Cloud’s AI Assistant – no manual HCL required.

dfirr
New Member

For Digital Forensics and Incident Response (DFIR) practitioners, Splunk is a core part of daily workflow. Its Schema on the Fly and powerful Search Processing Language (SPL) allow for iterative and flexible investigation—ideal for the nature of forensic analysis.

ITWhisperer
SplunkTrust

The overall aim of this puzzle is to convert XML events to fixed-length events, and it has been split into multiple parts. The first part was about preparing the field template by dereferencing the field names, so that their positions could be compared. This second part is about an alternative approach to the field template process. To that end, the challenge for this part is to take some XML events and, by using nested loops, determine the correct order in which the fields appear, processing each sequence segment against all the other sequences, and merging or joining the sequence segments until the whole sequence is determined.

NickG
Splunk Employee

This is part 1 of a 3-part blog series on Splunk Observability Cloud, laying the groundwork for an exciting upcoming launch! Plus, get details on our upcoming Community Office Hours!

ShanelleC
Splunk Employee

Discover how Splunk ES Premier’s built-in User and Entity Behavior Analytics (UEBA) helps SOC teams detect hidden insider threats, reduce alert fatigue, and accelerate investigations.

CaitlinHalla
Splunk Employee

Did you miss .conf25? Are you into monitoring LLM applications with OpenTelemetry and Splunk Observability Cloud? Read on to catch what you missed from Derek Mitchell and Sarah Ware’s technical session.

BartKaletka
Splunk Employee

To ensure you benefit from the latest features, best practices, and full Splunk support, we are transitioning all Splunk Add-on for Microsoft Azure inputs to Splunk-supported Technology Add-ons: Splunk Add-on for Microsoft Cloud Services, Splunk Add-on for Microsoft Office 365, and Splunk Add-on for Microsoft Security.

ITWhisperer
SplunkTrust

The overall aim of this puzzle is to convert XML events to fixed-length events, and it has been split into multiple parts. This first part is about preparing the field template so that it can be used to place the data in the correct order in the fixed-length (and pipe-delimited) events. To that end, the challenge for this part is to determine the correct order in which all the fields appear, by comparing the position of each field with the position of every other field, dereferencing the field names to find their positions.

NickG
Splunk Employee

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

Aaron_Schifman
Splunk Employee

Are you looking to bridge the gap between your operational technology (OT) and IT security monitoring? The Cisco Cyber Vision Add-on for Splunk makes it easier than ever.

bevsmart
Splunk Employee

What happens when you ask Splunk customers to describe their experience in one word? You get passion, creativity, and a whole lot of love.

We captured it all on video at .conf25—and now, we’re sharing it with the world.

🎥 Head to the Splunk Love page to see what the community had to say. You might even recognize a few faces 😉

CaitlinHalla
Splunk Employee

If you’re looking to jump in and get started with Observability as Code, but you’re not sure where to begin, start here! We’ve set up a template GitHub repository using OpenTofu/Terraform so you can jump in and go from zero to Dashboard in Splunk Observability Cloud.

Philippe
Splunk Employee

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get early access to new research opportunities shared by Splunk Product Researchers. 

msimon-splunk
Splunk Employee

OpenTelemetry keeps getting easier to adopt — not just in the cloud, but everywhere.
Splunk and Dash0 just contributed the OpenTelemetry Injector to the community: a new way to automatically instrument host-based applications with zero code changes.
In this post, we break down how it works, how it differs from the Operator and Automatic Discovery, and why it’s a big step forward for hybrid observability across on-prem, VMs, and cloud-native workloads.

ITWhisperer
SplunkTrust

This puzzle is about obfuscating a field by replacing specific characters with the same number of characters. More specifically, in an event which has a fixed length, with pipe-delimited fields, just replace the non-space characters with an asterisk (*), just using a single regular expression (rex command).

This article contains a walkthrough to a solution for this puzzle, and demonstrates an approach to developing a regular expression to solve it.

ITWhisperer
SplunkTrust

If you are anything like me, you love to solve problems, and what better way to do it than with Splunk! Expand your Splunkiverse by learning and using lesser known/used commands, techniques, and data analysis insights to solve innovative puzzles and challenges.

Join the Slack #puzzles channel and have fun!

youngsuh
Contributor

Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are misattributed, investigations stall, and compliance reporting becomes unreliable. Yet practitioners face recurring challenges: inconsistent data across sources, missing attributes, schema drift, and conflicts between authoritative systems.

CaitlinHalla
Splunk Employee

Once you’ve enabled Automatic Discovery in your Kubernetes environment, the real power comes from how you use it. In this post, we’ll explore practical examples of monitoring databases, caches, and entire application stacks using the Splunk Distribution of the OpenTelemetry Collector. See how to apply Automatic Discovery to complex, real-world scenarios with minimal configuration and maximum visibility in Splunk Observability Cloud.

Anam
Community Manager

Welcome to the November edition of our Community Spotlight! This month, we’re focusing on two tricky scenarios that can stump even seasoned Splunk pros, both involving the art of choosing the right command for the job.

💡 Our contributors who are highlighted for providing a solution will be given a $25 Cisco Store gift card for their contributions.

NickG
Splunk Employee

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

Anam
Community Manager

This month, we saw incredible engagement around our Content Calendar and SME Day, and we want to give a special shoutout to the members who made it all possible.

CaitlinHalla
Splunk Employee

Automatic Discovery removes a lot of the manual toil from an observability setup, but getting the configuration right ensures you reap all its benefits. In this post, we’ll walk through how to enable Automatic Discovery in Kubernetes using Helm, plus best practices for configuration, security, and scaling it across environments.

KayeChapman
Splunk Employee

This month, we’re excited to share a set of new articles that have been created from popular .conf 2025 sessions – from optimizing LLM RAG patterns to optimizing Enterprise Security 8, we’ve created articles that capture all the insights and lessons that our Splunk experts shared. We’re also taking a look at a comprehensive new article series on scaling Splunk Edge Processor infrastructure, perfect for anyone who wants to take their data management practices to the next level. On top of that, we’ve got lots of new articles to share with you, as well as all the details on our new website redesign! Read on to find out more.

Nicholas_Astor
Splunk Employee

Interested in getting early access to our AI Playbook Authoring feature? Read this post to learn how to apply for our Alpha private preview program. 

rederada
Splunk Employee

Drowning in noisy firewall logs? Learn how to cut the noise, classify events, and optimize storage with Splunk’s Data Management Pipeline Builders (Edge Processor & Ingest Processor). Check out our new Lantern guides for Cisco Adaptive Security Appliance (ASA) and Palo Alto Networks (PAN) firewall logs.

CaitlinHalla
Splunk Employee

Setting up observability for dynamic environments like Kubernetes can be tedious and error-prone – but it doesn’t have to be. Automatic Discovery in the Splunk Distribution of the OpenTelemetry Collector simplifies observability by automatically detecting new services, generating the right monitoring configuration snippets, and sending metrics to Splunk Observability Cloud in real time.

AqibKazi
Splunk Employee

By the time most financial institutions detect fraud, the damage is done. Splunk real-time dashboards flip the script—catching account takeovers, stolen credit cards, and wire transfer scams as they happen, not days later. Learn how leading institutions are stopping fraud in minutes and preventing losses before they escalate.

CaitlinHalla
Splunk Employee

Business Transactions and Business iQ might seem like similar monitoring features, but they serve fundamentally different purposes in an observability strategy. Business Transactions track the technical health of critical user flows across microservices, while Business iQ reveals things like exactly how much money performance issues are costing you in real revenue and KPIs. Together, they can bridge the gap between code performance and business outcomes.

This post explores when to use each tool and how combining technical journey monitoring with business impact analysis transforms performance management from reactive firefighting to proactive optimization.
