Community Blog

Get the latest updates on the Splunk Community, including member experiences, product education, events, and more!

CaitlinHalla
Splunk Employee

Did you miss .conf25? Are you into monitoring LLM applications with OpenTelemetry and Splunk Observability Cloud? Read on to catch what you missed from Derek Mitchell and Sarah Ware’s technical session.

BartKaletka
Splunk Employee

To ensure you benefit from the latest features, best practices, and full Splunk support, we are transitioning all Splunk Add-on for Microsoft Azure inputs to Splunk-supported Technology Add-ons: Splunk Add-on for Microsoft Cloud Services, Splunk Add-on for Microsoft Office 365, and Splunk Add-on for Microsoft Security.

ITWhisperer
SplunkTrust

The overall aim of this puzzle is to convert XML events to fixed-length events, and it has been split into multiple parts. This first part is about preparing the field template so that it can be used to place the data in the correct order in the fixed-length (and pipe-delimited) events. To that end, the challenge for this part is to determine the correct order that all the fields appear in, by comparing the position of each field with the position of every other field, dereferencing the field names to find their positions.

NickG
Splunk Employee

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

Aaron_Schifman
Splunk Employee

Are you looking to bridge the gap between your operational technology (OT) and IT security monitoring? The Cisco Cyber Vision Add-on for Splunk makes it easier than ever.

bevsmart
Splunk Employee

What happens when you ask Splunk customers to describe their experience in one word? You get passion, creativity, and a whole lot of love.

We captured it all on video at .conf25—and now, we’re sharing it with the world.

🎥 Head to the Splunk Love page to see what the community had to say. You might even recognize a few faces 😉

CaitlinHalla
Splunk Employee

If you’re looking to jump in and get started with Observability as Code, but you’re not sure where to begin, start here! We’ve set up a template GitHub repository using OpenTofu/Terraform so you can jump in and go from zero to Dashboard in Splunk Observability Cloud.

Philippe
Splunk Employee

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get early access to new research opportunities shared by Splunk Product Researchers. 

msimon-splunk
Splunk Employee

OpenTelemetry keeps getting easier to adopt — not just in the cloud, but everywhere.
Splunk and Dash0 just contributed the OpenTelemetry Injector to the community: a new way to automatically instrument host-based applications with zero code changes.
In this post, we break down how it works, how it differs from the Operator and Automatic Discovery, and why it’s a big step forward for hybrid observability across on-prem, VMs, and cloud-native workloads.

ITWhisperer
SplunkTrust

This puzzle is about obfuscating a field by replacing specific characters with the same number of characters. More specifically, in an event which has a fixed length, with pipe-delimited fields, just replace the non-space characters with an asterisk (*), just using a single regular expression (rex command).

This article contains a walkthrough to a solution for this puzzle, and demonstrates an approach to developing a regular expression to solve it.

ITWhisperer
SplunkTrust

If you are anything like me, you love to solve problems, and what better way to do it than with Splunk! Expand your Splunkiverse by learning and using lesser known/used commands, techniques, and data analysis insights to solve innovative puzzles and challenges.

Join the Slack #puzzles channel and have fun!

youngsuh
Contributor

Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are misattributed, investigations stall, and compliance reporting becomes unreliable. Yet practitioners face recurring challenges: inconsistent data across sources, missing attributes, schema drift, and conflicts between authoritative systems

CaitlinHalla
Splunk Employee

Once you’ve enabled Automatic Discovery in your Kubernetes environment, the real power comes from how you use it. In this post, we’ll explore practical examples of monitoring databases, caches, and entire application stacks using the Splunk Distribution of the OpenTelemetry Collector. See how to apply Automatic Discovery to complex, real-world scenarios with minimal configuration and maximum visibility in Splunk Observability Cloud.

Anam
Community Manager

Welcome to the November edition of our Community Spotlight! This month, we’re focusing on two tricky scenarios that can stump even seasoned Splunk pros, both involving the art of choosing the right command for the job.

💡 Our contributors who are highlighted for providing a solution will be given a $25 Cisco Store gift card for their contributions

NickG
Splunk Employee

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

Anam
Community Manager

This month, we saw incredible engagement around our Content Calendar and SME Day, and we want to give a special shoutout to the members who made it all possible.

CaitlinHalla
Splunk Employee

Automatic Discovery removes a lot of the manual toil from an observability setup, but getting the configuration right ensures you reap all its benefits. In this post, we’ll walk through how to enable Automatic Discovery in Kubernetes using Helm, plus best practices for configuration, security, and scaling it across environments.

KayeChapman
Splunk Employee

This month, we’re excited to share a set of new articles that have been created from popular .conf 2025 sessions – from optimizing LLM RAG patterns to optimizing Enterprise Security 8, we’ve created articles that capture all the insights and lessons that our Splunk experts shared.  We’re also taking a look at a comprehensive new article series on scaling Splunk Edge Processor infrastructure, perfect for anyone who wants to take their data management practices to the next level. On top of that we’ve got lots of new articles to share with you, as well as all the details on our new website redesign! Read on to find out more. 

Nicholas_Astor
Splunk Employee

Interested in getting early access to our AI Playbook Authoring feature? Read this post to learn how to apply for our Alpha private preview program. 

rederada
Splunk Employee

Drowning in noisy firewall logs? Learn how to cut the noise, classify events, and optimize storage with Splunk’s Data Management Pipeline Builders (Edge Processor & Ingest Processor). Check out our new Lantern guides for Cisco Adaptive Security Appliance (ASA) and Palo Alto Networks (PAN) firewall logs.

CaitlinHalla
Splunk Employee

Setting up observability for dynamic environments like Kubernetes can be tedious and error-prone – but it doesn’t have to be. Automatic Discovery in the Splunk Distribution of the OpenTelemetry Collector simplifies observability by automatically detecting new services, generating the right monitoring configuration snippets, and sending metrics to Splunk Observability Cloud in real time.

AqibKazi
Splunk Employee

By the time most financial institutions detect fraud, the damage is done. Splunk real-time dashboards flip the script—catching account takeovers, stolen credit cards, and wire transfer scams as they happen, not days later. Learn how leading institutions are stopping fraud in minutes and preventing losses before they escalate.

CaitlinHalla
Splunk Employee

Business Transactions and Business iQ might seem like similar monitoring features, but they serve fundamentally different purposes in an observability strategy. Business Transactions track the technical health of critical user flows across microservices, while Business iQ reveals things like exactly how much money performance issues are costing you in real revenue and KPIs. Together, they can bridge the gap between code performance and business outcomes.

This post explores when to use each tool and how combining technical journey monitoring with business impact analysis transforms performance management from reactive firefighting to proactive optimization.

HeathJohnson
Splunk Employee

Wondering what all the buzz around Observability is all about? The best way to find out is to try out Splunk Observability yourself, with this fully functioning CNCF Observability demo that can be deployed in just a few minutes.

CaitlinHalla
Splunk Employee

Service Maps and Service Analyzer tree views might seem like similar visualizations, but they serve fundamentally different purposes for different teams within your observability strategy. APM Service Maps trace technical dependencies. ITSI Service Analyzer tree view reveals business impact. Even though they're visualizations that might be used by different teams, they can still complement one another to provide complete operational visibility from code to customer.

ITWhisperer
SplunkTrust

For BORE at .conf24, we had a puzzle question which was to find integers which were multiples of 3. Rather than providing spoilers (in case we run BORE again and allow previous questions to be answered), I have devised another puzzle on similar lines. Find the integers which are multiples of 9, just using a single regular expression (rex command). This article provides some pointers on how to solve this puzzle.

ShanelleC
Splunk Employee

Tool sprawl, context switching, and alert overload are slowing down SOCs—and giving attackers the upper hand. But good news -- Splunk Enterprise Security (ES) brings together your entire threat detection, investigation, and response (TDIR) process into one AI-powered platform, helping analysts work smarter and respond faster.

Anam
Community Manager

This September, we saw incredible engagement around our Content Calendar and our SME (Subject Matter Expert) Day. Today, we want to shine a spotlight on a few individuals who went above and beyond.

Anam
Community Manager

Welcome to the October edition of our Community Spotlight! 

This month, we're diving into two common but often misunderstood issues that can cause major headaches: incorrect event timestamps and scary license warnings.

💡 Our contributors who are highlighted for providing a solution will be given a $25 Cisco Store gift card for their contributions

KayeChapman
Splunk Employee

This month, we're excited to share a major update regarding the future of Splunk Lantern: a sneak peek at our website redesign! We've been working hard to make Lantern even more intuitive and valuable, and we've attached a wireframe of the proposed new homepage for you to review. We're eager to gather your thoughts and feedback on this new design, which aims to streamline navigation and enhance content accessibility across key areas. Read on to find out more. 
