This puzzle is based on a letter grid containing tangled words. 

The diagram was created in draw.io which can use XML documents to export and import diagrams.

The challenge is to process the XML document using SPL to find the tangled words.

Advent of Code is a brilliant site run by Eric Wastl which has been running for over a decade setting programming puzzles in the style of an Advent Calendar during December. Full credit to Eric for conceiving these puzzles. Recently, Community member Gabriel Vasseur has been posting articles on his website, the fourth of which is here. Gabriel also posted links to his articles on the #puzzles Slack channel. This blog is my attempt to follow in Gabriel's footsteps with my own attempts at independently solving the Advent of Code puzzles. I am making no judgement on which solution is better, from my point of view, the fun is in trying to solve the puzzles with SPL.

We’ve reorganized the Splunk Community navigation to help you find the answers, programs, and events you love...faster than ever before. Dive in to see what’s new!

Stop struggling with inconsistent field names across your data sources. Learn how to use the Splunk Common Information Model (CIM) to simplify your SPL and future-proof your dashboards.

Advent of Code is a brilliant site run by Eric Wastl which has been running for over a decade setting programming puzzles in the style of an Advent Calendar during December. Full credit to Eric for conceiving these puzzles. Recently, Community member Gabriel Vasseur has been posting articles on his website, the third of which is here. Gabriel also posted links to his articles on the #puzzles Slack channel. This blog is my attempt to follow in Gabriel's footsteps with my own attempts at independently solving the Advent of Code puzzles. I am making no judgement on which solution is better, from my point of view, the fun is in trying to solve the puzzles with SPL.

Embark on a 16-bit adventure to master Splunk Observability Cloud. Play 'Into the Deep' to learn about system reliability and APM through seven interactive levels—and enter for a chance to win Cisco Store credit for Splunk gear! 

Want to learn Splunk Observability Cloud without the jargon? Play our 5-minute interactive games to master OpenTelemetry, Code Profiling, and AI-driven troubleshooting—and earn Cisco Store credit for Splunk gear while you do it!

Lightning Talks. Big Ideas. Two Chances to Join.

The Splunk Community Champions are back with rapid-fire sessions full of tips, tricks, and “oh dang” moments. Register for one of two global-friendly sessions and bring your brain.

Advent of Code is a brilliant site run by Eric Wastl which has been running for over a decade setting programming puzzles in the style of an Advent Calendar during December. Full credit to Eric for conceiving these puzzles. Recently, Community member Gabriel Vasseur has been posting articles on his website, the second of which is here. Gabriel also posted links to his articles on the #puzzles Slack channel. This blog is my attempt to follow in Gabriel's footsteps with my own attempts at independently solving the Advent of Code puzzles. I am making no judgement on which solution is better, from my point of view, the fun is in trying to solve the puzzles with SPL.

AI is rapidly becoming foundational to modern applications, powering everything from software development and customer support to business-critical workflows.

To help you navigate this complexity, we’re excited to invite you to our Observability for AI series, a three-part campaign featuring a Webinar, Tech Talk, and Community Office Hours. Each session is designed to help you gain deeper visibility, reduce operational toil, and ensure your AI-driven systems remain reliable, safe, and cost-effective.

👉 Register for one or all sessions and take the next step in your Observability for AI journey.

Advent of Code is a brilliant site run by Eric Wastl which has been running for over a decade setting programming puzzles in the style of an Advent Calendar during December. Full credit to Eric for conceiving these puzzles. Recently, Community member Gabriel Vasseur has been posting articles on his website, the first of which is here. Gabriel also posted links to his articles on the #puzzles Slack channel. This blog is my attempt to follow in Gabriel's footsteps with my own attempts at independently solving the Advent of Code puzzles. I am making no judgement on which solution is better, from my point of view, the fun is in trying to solve the puzzles with SPL.

For a previous puzzle, I needed some sample data, and while researching for this, I came across the data I was interested in, but it was in an HTML Table. This inspired me to create this puzzle. The challenge is to take an HTML table and convert it to a Splunk table.

Discover how 2025 was a landmark year for the Splunk App Platform, marked by innovation, community growth, and exciting new initiatives. From launching the unified Splunk Developer Program and Developer Advisory and Support to record-breaking engagement at .conf25 and the Splunk Build-a-thon, the developer ecosystem thrived like never before. Get ready for an inspiring 2026 with the first-ever Splunk Developer Day, new Partner Tech Talks, and .conf26 in Denver. Join us as we continue to empower builders and drive the future of app development on Splunk!

From Splunk Engineer to Founder: The Journey Behind TrackMe

In this Developer Spotlight, we explore how Guilhem Marchand transformed years of hands-on Splunk experience into TrackMe—a globally adopted platform for monitoring data quality and operational health. From its open-source beginnings to serving enterprise and Fortune 100 customers, discover the challenges, milestones, and vision behind building a trusted Splunk-native solution.

The overall aim of this puzzle is to convert XML event to fixed-length events, and it has been split into multiple parts. The first part was about preparing the field template by dereferencing the field names, so that their positions could be compared. The second part was about using nested loops to process each sequence segment against all the other sequences, until the whole sequence is determined. The third part was about dynamically formatting the data with the correct width and justification. This final part is to bring the techniques used in the earlier parts to create a single SPL search to convert the XML events into a fixed-length, pipe-delimited format, whilst maintaining the order of the fields.

The overall aim of this puzzle is to convert XML event to fixed-length events, and it has been split into multiple parts. The first part was about preparing the field template by dereferencing the field names, so that their positions could be compared. The second part was about using nested loops to process each sequence segment against all the other sequences, until the whole sequence is determined. This third part is about determining how wide each field should be (to just hold the widest value) and formatting the data with the correct justification (numerics are right-justified (space-filled) and non-numerics are left-justified).

The overall aim of this puzzle is to convert XML event to fixed-length events, and it has been split into multiple parts. The first part was about preparing the field template by dereferencing the field names, so that their positions could be compared. This second part is about an alternative approach to the field template process. To that end, the challenge for this part is to take some XML events and, by using nested loops, determine the correct order that the fields appear in, by  processing each sequence segment against all the other sequences, and merging or joining the sequence segments until the whole sequence is determined.

The overall aim of this puzzle is to convert XML event to fixed-length events, and it has been split into multiple parts. This first part is about preparing the field template so that it can be used to place the data in the correct order in the fixed-length (and pipe-delimited) events. To that end, the challenge for this part is to determine the correct order that all the fields appear in, by comparing the position of each field with the position of every other field, dereferencing the field names to find their positions.

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get early access to new research opportunities shared by Splunk Product Researchers. 

This puzzle is about obfuscating a field by replacing specific characters with the same number of characters. More specifically, in an event which has a fixed length, with pipe-delimited fields, just replace the non-space characters with an asterisk (*), just using a single regular expression (rex command).

This article contains a walkthrough to a solution for this puzzle, and demonstrates an approach to developing a regular expression to solve it.

If you are anything like me, you love to solve problems, and what better way to do it than with Splunk! Expand your Splunkiverse by learning and using lesser known/used commands, techniques, and data analysis insights to solve innovative puzzles and challenges.

Join the Slack #puzzles channel and have fun!

Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are misattributed, investigations stall, and compliance reporting becomes unreliable. Yet practitioners face recurring challenges: inconsistent data across sources, missing attributes, schema drift, and conflicts between authoritative systems

Welcome to the November edition of our Community Spotlight! This month, we’re focusing on two tricky scenarios that can stump even seasoned Splunk pros, both involving the art of choosing the right command for the job.

💡 Our contributors who are highlighted for providing a solution will be given a $25 Cisco Store gift card for their contributions

This month, we saw incredible engagement around our Content Calendar and SME Day, and we want to give a special shoutout to the members who made it all possible.

For BORE at .conf24, we had a puzzle question which was to find integers which were multiples of 3. Rather than providing spoilers (in case we run BORE again and allow previous questions to be answered), I have devised another puzzle on similar lines. Find the integers which are multiple of 9, just using a single regular expression (rex command). This article provides some pointers on how to solve this puzzle.

Welcome to the October edition of our Community Spotlight! 

This month, we're diving into two common but often misunderstood issues that can cause major headaches: incorrect event timestamps and scary license warnings.

💡 Our contributors who are highlighted for providing a solution will be given a $25 Cisco Store gift card for their contributions

CX day and every day is all about how we drive your success with Splunk. Tune in with us on October 7th!!

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant Splunk experts Clara and Cary, assisted by members of the Splunk Trust. We spent a couple of hours on Tuesday afternoon trying to solve problems using regular expressions to gain points. The problems were nominally rated as Beginner, Intermediate and Advanced, with bonus (hidden) strings so that more generalised solutions could gain extra points. Here's a statistical analysis of what happened!

Hello Splunkers,

And just like that, .conf25 is in the books! What an incredible few days — full of learning, networking, and community energy. For me personally, this was extra special. As someone who recently joined Splunk from the AppDynamics Community, it was my very first .conf. I finally got to meet so many of my coworkers face-to-face and connect with countless community members I’d only known online.

The Builder Bar at .conf25 was buzzing with energy, ideas, and innovation this year! We had a blast connecting with Splunk developers, app builders, and innovators of all types. Read on to see what went down at the Builder Bar and see what’s next for Splunk app developers, including how you can join the newly launched Splunk Developer Program!