Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get early access to new research opportunities shared by Splunk Product Researchers. 

This puzzle is about obfuscating a field by replacing specific characters with the same number of characters. More specifically, in an event which has a fixed length, with pipe-delimited fields, just replace the non-space characters with an asterisk (*), just using a single regular expression (rex command).

This article contains a walkthrough to a solution for this puzzle, and demonstrates an approach to developing a regular expression to solve it.

If you are anything like me, you love to solve problems, and what better way to do it than with Splunk! Expand your Splunkiverse by learning and using lesser known/used commands, techniques, and data analysis insights to solve innovative puzzles and challenges.

Join the Slack #puzzles channel and have fun!

Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are misattributed, investigations stall, and compliance reporting becomes unreliable. Yet practitioners face recurring challenges: inconsistent data across sources, missing attributes, schema drift, and conflicts between authoritative systems

Welcome to the November edition of our Community Spotlight! This month, we’re focusing on two tricky scenarios that can stump even seasoned Splunk pros, both involving the art of choosing the right command for the job.

💡 Our contributors who are highlighted for providing a solution will be given a $25 Cisco Store gift card for their contributions

This month, we saw incredible engagement around our Content Calendar and SME Day, and we want to give a special shoutout to the members who made it all possible.

For BORE at .conf24, we had a puzzle question which was to find integers which were multiples of 3. Rather than providing spoilers (in case we run BORE again and allow previous questions to be answered), I have devised another puzzle on similar lines. Find the integers which are multiple of 9, just using a single regular expression (rex command). This article provides some pointers on how to solve this puzzle.

Welcome to the October edition of our Community Spotlight! 

This month, we're diving into two common but often misunderstood issues that can cause major headaches: incorrect event timestamps and scary license warnings.

💡 Our contributors who are highlighted for providing a solution will be given a $25 Cisco Store gift card for their contributions

CX day and every day is all about how we drive your success with Splunk. Tune in with us on October 7th!!

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant Splunk experts Clara and Cary, assisted by members of the Splunk Trust. We spent a couple of hours on Tuesday afternoon trying to solve problems using regular expressions to gain points. The problems were nominally rated as Beginner, Intermediate and Advanced, with bonus (hidden) strings so that more generalised solutions could gain extra points. Here's a statistical analysis of what happened!

Hello Splunkers,

And just like that, .conf25 is in the books! What an incredible few days — full of learning, networking, and community energy. For me personally, this was extra special. As someone who recently joined Splunk from the AppDynamics Community, it was my very first .conf. I finally got to meet so many of my coworkers face-to-face and connect with countless community members I’d only known online.

The Builder Bar at .conf25 was buzzing with energy, ideas, and innovation this year! We had a blast connecting with Splunk developers, app builders, and innovators of all types. Read on to see what went down at the Builder Bar and see what’s next for Splunk app developers, including how you can join the newly launched Splunk Developer Program!

The first 30 people to complete the Community Feedback Survey will receive a $25 Cisco gift card.

Don’t miss your chance — share your feedback today and enjoy a little reward for helping shape the future of the Splunk Community!

From logs to AI-driven insights, find out what Splunk actually does. A community guide to security, observability, IT operations, and more. 

Every year .conf brings together some of the most passionate, innovative, and community-focused people in the world of data. Among them, the SplunkTrust members stand out for their commitment to sharing knowledge, helping others, and making our community even stronger.

Our very first feature focuses on Mark McCullough — a familiar face to many in the community. His story is one of persistence, curiosity, and a deep passion for helping others succeed with Splunk.

It’s that time of year, Splunk’s annual Career Impact Survey is here! We invite you to share your experiences and insights about your professional journey with Splunk by completing the survey linked below.

The survey covers questions about you, your organization, your expertise with Splunk, and your career path. Your responses will be fully anonymized, ensuring your privacy and data are completely protected. The survey takes approximately 20 minutes to finish, and as a token of our appreciation, the first 500 qualified participants will each receive a $20 gift card!

Hello, Splunk Community! We are beyond thrilled to announce the 2025-2026 cohort of SplunkTrust members! 

Join us in the Community Zone at .conf to connect, play, and learn with one another! We'll be right near the Splunk Store and Theatre!

This month, we're diving into some brilliant community-driven fixes that simplify life for security practitioners, straight from the trenches of Splunk Answers.

Would you like to feature more solutions like this? Reach out @Anam Siddique on Slack in our Splunk Community Slack workspace to highlight your question, answer, or tip in an upcoming Community Content post! 💡 Our contributors who are highlighted for providing a solution will be given a $25 Cisco Store gift card for their contributions.  

Hey Splunkers,

.conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and uniquely Splunky.

Splunk Community Slack will be enabling SSO and connecting your splunk.com and Slack accounts!! Yay!

Discover how Splunk IT Service Intelligence expands visibility across Cisco Catalyst Center and Meraki environments to help ITOps teams monitor hybrid networks, correlate issues with service impact analysis, and accelerate root cause analysis – all in one place. 

Read on to continue unpacking the business impact of network related issues and how to prevent problems before they start, by pairing rich network data from ThousandEyes with Splunk ITSI’s event intelligence – see the business impact of every performance problem and get to root cause faster, with less guesswork.

This short article shows how tokens and handlers can be used to modify how a dashboard operates, including replacing a chart that is waiting for a search to complete with a tailored HTML panel, changing the values used by CSS, and, controlling the order in which searches execute.

We’re excited to announce our first two inaugural badges!

We're excited to introduce our new Content Calendar, your go-to guide for spotlighted questions from key boards and a dedicated SME Day each month, featuring expert insights and community driven solutions. 

This is a series of blogs demonstrating how to build a dashboard for analysing the web logs from the Splunk Enterprise Search Tutorial dataset, and starts from where the tutorial left off.

This section covers creating an alternative way of comparing hourly rates with the previous few days.

The Splunk Developer Program is now live in public preview! Access centralized tools, resources and community support to build innovative apps on Splunk. Learn more at preview.dev.splunk.com

Attention, Splunkers! We’re thrilled to announce that AppDynamics has officially made its way to the Splunk Ideas Portal. This means you can now submit, track, and collaborate on feature requests for AppDynamics alongside all your other favorite Splunk products. Wondering how to access the portal, find your previously submitted ideas, or share new ones? Don’t worry—we’ve got all the details covered in our latest blog post. Plus, learn how to connect with the Splunk Ideas team directly if you have any questions. Click through to discover how you can shape the future of Splunk and AppDynamics!