Hands-On Learning and Technical Seminars 

Sometimes, you just need to see the code. For those looking for a deep-dive educational experience, we have Technical Seminars (note: these require an additional fee). You can purchase Technical Seminars on the re

Learn about what’s next for Splunk Platform at Cisco Live EMEA. 

Data silos are a big challenge for any practitioner. How do you get a clear view of your environment when data lives everywhere? The Cisco Data Fabric powered by Splunk Platform enables you to search, analyze, and investigate your machine data from any source at any scale without ingesting all that data into Splunk. 

We took the test so you don’t have to. Just kidding. If you want to be an OTCA, you’ll still need to take and pass the exam, but maybe this comprehensive overview and study guide can help you succeed.

Are you tired of being a manual alert responder? The security landscape is shifting, and at Cisco Live, we’ll show you how to become a proactive orchestrator. We’re moving into the era of the Agentic SOC, where defenders leverage intelligent, automated ecosystems that learn, adapt, and scale. 

AI workloads demand specialized infrastructure and complete visibility. Learn how Splunk Observability Cloud and Cisco AI-Ready PODs work together to deliver unified monitoring from GPU utilization to application performance—helping you detect issues faster and optimize expensive AI resources.

You know Splunk. You know Cisco. But have you seen what happens when these two powerhouses join forces? If you’re a Splunk practitioner, Cisco Live EMEA (February 9-13 in Amsterdam) is no longer just a "networking show"; it is now a destination for technical training, digital resilience, and unified observability. 

For a previous puzzle, I needed some sample data, and while researching for this, I came across the data I was interested in, but it was in an HTML Table. This inspired me to create this puzzle. The challenge is to take an HTML table and convert it to a Splunk table.

Discover how 2025 was a landmark year for the Splunk App Platform, marked by innovation, community growth, and exciting new initiatives. From launching the unified Splunk Developer Program and Developer Advisory and Support to record-breaking engagement at .conf25 and the Splunk Build-a-thon, the developer ecosystem thrived like never before. Get ready for an inspiring 2026 with the first-ever Splunk Developer Day, new Partner Tech Talks, and .conf26 in Denver. Join us as we continue to empower builders and drive the future of app development on Splunk!

Entity Risk Score is a new feature in ES 8.3 that aggregates metadata of events on an entity to better represent the severity of those observations. Haylee Mills breaks down how it works and how you might use it in day to day security operations.

Join us for a live Demo Day at the Cisco Store to see unified monitoring in action on January 21st 10:00am - 11:00am PST.

Configuring and setting up TLS in Splunk can seem overwhelming, especially if you are not used to the various settings.  Throw in a custom CA-chain, some systems using the web GUI, others not, maybe even some SAML configurations, and it can seem absolutely overwhelming -- especially since even a minor error can break your instance.

Let's make it more tame.

This month, we’re excited to share powerful new resources that focus on two of the most critical areas for modern IT and Security teams: using artificial intelligence to solve problems faster, and mastering the complexities of cloud-native infrastructure. Whether you are looking to automate your threat analysis or fine-tune your Kubernetes environment, our latest articles give you the expert guidance you need to succeed. 

Stop treating PCI DSS compliance like an annual fire drill. Discover how leading security teams use Splunk to maintain continuous compliance visibility, automatically track all 12 requirements, and turn audit preparation from weeks of scrambling into hours of confident reporting.

From Splunk Engineer to Founder: The Journey Behind TrackMe

In this Developer Spotlight, we explore how Guilhem Marchand transformed years of hands-on Splunk experience into TrackMe—a globally adopted platform for monitoring data quality and operational health. From its open-source beginnings to serving enterprise and Fortune 100 customers, discover the challenges, milestones, and vision behind building a trusted Splunk-native solution.

When payment systems fail, every minute counts. See how the integration between Cisco Catalyst Center and Splunk ITSI takes IT teams from "payments are down" to root cause in under 10 minutes—without tool-switching, manual correlation, or lost context.

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

The overall aim of this puzzle is to convert XML event to fixed-length events, and it has been split into multiple parts. The first part was about preparing the field template by dereferencing the field names, so that their positions could be compared. The second part was about using nested loops to process each sequence segment against all the other sequences, until the whole sequence is determined. The third part was about dynamically formatting the data with the correct width and justification. This final part is to bring the techniques used in the earlier parts to create a single SPL search to convert the XML events into a fixed-length, pipe-delimited format, whilst maintaining the order of the fields.

The overall aim of this puzzle is to convert XML event to fixed-length events, and it has been split into multiple parts. The first part was about preparing the field template by dereferencing the field names, so that their positions could be compared. The second part was about using nested loops to process each sequence segment against all the other sequences, until the whole sequence is determined. This third part is about determining how wide each field should be (to just hold the widest value) and formatting the data with the correct justification (numerics are right-justified (space-filled) and non-numerics are left-justified).

This month, we’re excited to share powerful new resources that will transform how you manage security operations across hybrid environments. From implementing money-saving Federated Search capabilities for Amazon S3 to monitoring Google Cloud SQL or integrating with the Australian Signals Directorate's CTIS platform, we're bringing you guidance straight from expert Splunkers that addresses the most pressing challenges facing security teams today. On top of that, we've got lots more use cases, industry-specific guidance and best-practice tips to help you close out 2025 strong. Read on to find out more. 

Transform natural language descriptions into production-ready Terraform code in minutes using Splunk Observability Cloud’s AI Assistant – no manual HCL required.

For Digital Forensics and Incident Response (DFIR) practitioners, Splunk is a core part of daily workflow. Its Schema on the Fly and powerful Search Processing Language (SPL) allow for iterative and flexible investigation—ideal for the nature of forensic analysis.

The overall aim of this puzzle is to convert XML event to fixed-length events, and it has been split into multiple parts. The first part was about preparing the field template by dereferencing the field names, so that their positions could be compared. This second part is about an alternative approach to the field template process. To that end, the challenge for this part is to take some XML events and, by using nested loops, determine the correct order that the fields appear in, by  processing each sequence segment against all the other sequences, and merging or joining the sequence segments until the whole sequence is determined.

This is part 1of a 3-part blog series on Splunk Observability Cloud, laying the groundwork for an exciting upcoming launch! Plus, get details on our upcoming Community Office Hours!

Discover how Splunk ES Premier’s built-in User and Entity Behavior Analytics (UEBA) helps SOC teams detect hidden insider threats, reduce alert fatigue, and accelerate investigations.

Did you miss .conf25? Are you into monitoring LLM applications with OpenTelemetry and Splunk Observability Cloud? Read on to catch what you missed from Derek Mitchell and Sarah Ware’s technical session.

To ensure you benefit from the latest features, best practices, and full Splunk support, we are transitioning all Splunk Add on for Microsoft Azure inputs to Splunk supported Technology Add-ons: Splunk Add-on for Microsoft Cloud Services, Splunk Add-on for Microsoft Office 365, and Splunk Add-on for Microsoft Security.

The overall aim of this puzzle is to convert XML event to fixed-length events, and it has been split into multiple parts. This first part is about preparing the field template so that it can be used to place the data in the correct order in the fixed-length (and pipe-delimited) events. To that end, the challenge for this part is to determine the correct order that all the fields appear in, by comparing the position of each field with the position of every other field, dereferencing the field names to find their positions.

Stay ahead of the curve and in the know with our comprehensive list of upcoming Tech Talks, Community Office Hours, and webinars. From insightful discussions to hands-on workshops, there’s something for everyone eager to dive deeper and learn. Don’t miss out — mark your calendars now!

Are you looking to bridge the gap between your operational technology (OT) and IT security monitoring? The Cisco Cyber Vision Add-on for Splunk makes it easier than ever.