Splunk Tech Events Feb 2026: Insider Threats & SPL2 Tips

February Event Highlights:

• Security Focus: Join the "Insider Threats" AMA to learn about indicators of compromise, risk scoring, and UEBA best practices.

• Platform Focus: A deep dive into SPL2, featuring the new Module Editor, SQL-like syntax, and the SPL-to-SPL2 converter.

• Format: All sessions are 60-minute interactive Zoom calls with live Q&A from Splunk technical experts.

• Dates: Security AMA (Feb 18) | Platform SPL2 AMA (Feb 19).

Upcoming February Community Events

Security AMA: Detecting and Investigating Insider Threats

• Date: February 18, 2026 | 11am PT
• Registration
• What can I ask in this session?
  • What are the most common insider threats today, and what are the typical indicators associated with them?
  • What are the key considerations when detecting and analyzing insider threats?
  • What are the best practices for detecting and investigating insider threats using Splunk?
  • How can I maximize the use of threat intelligence and contextual insights when investigating insider threats?
  • How can I best leverage data from Splunk to understand insider threat trends?
  • How can machine learning and AI be used to scale your analytics?
  • Can you provide insights on how User and Entity Behavior Analytics (UEBA) helps detect insider threats? How does the risk scoring work?

Platform AMA: Comprehensive Guide to SPL2

• Date: February 19, 2026 | 11am PT
• Registration
• What can I ask in this session?
  • Can you provide examples of how the SQL-like syntax in SPL2 can be used for common data analysis tasks?
  • What is the module editor and how does it help me do my job?
  • What are the expected performance improvements when using SPL2 compared to traditional SPL for large datasets or complex queries?
  • How does the "point-and-click SPL to SPL2 converter" work, and what are its limitations?

About Community Programs

What are Community Office Hours?

Community Office Hours are an interactive 60-minute Zoom series where participants can ask questions and engage with technical Splunk experts on various topics. Whether you're just starting your journey with Splunk or looking for best practices to take your deployment to the next level, Community Office Hours provides a safe and open environment for you to get help.

If you have an issue you can’t seem to resolve, have a question you’re eager to get answered by Splunk experts, are exploring new use cases, or just want to sit and listen in, Community Office Hours is for you!

What are Tech Talks?

Tech Talks are designed to accelerate adoption and ensure your success. In these engaging 60-minute sessions, we dive deep into best practices, share valuable insights, and explore additional use cases to expand your knowledge and proficiency with our products.

Whether you're looking to optimize your workflows, discover new functionalities, or troubleshoot challenges, Tech Talks is your go-to resource.

Don’t miss the next post. Here’s how to subscribe to this blog and get notified when new content goes live.