[Register Here] This thread is for the Community Office Hours session on Data Management in Security on Wed, July 16, 2025 at 1pm PT / 4pm ET.  

Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics.

What can I ask in this AMA?

• What are the best practices for managing and optimizing security data ingestion in Splunk?
• How can I improve the efficiency of my security data pipelines?
• How do I properly map security logs to the Common Information Model (CIM)?
• How to ensure accuracy and consistency with large volumes of data across multiple security log sources?
• How should I structure my security data for faster investigations and threat hunting?
• What role does AI/ML play in managing and analyzing security data in Splunk?
• Anything else you’d like to learn!

Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (request access here). 

Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants.

Look forward to connecting!