Community Office Hours

Community Office Hours
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Community Office Hours

View:
Security: Exposure Analytics: Your Questions, Our Experts, Real-Time Solutions
Wednesday, June 24, 2026
[REGISTER HERE] This thread is for the Community Office Hours session on  Security: Exposure Analytics: Your Questions, Our Experts, Real-Time Solutions on Wednesday, June 24, 2026 at 10 am PT / 1 pm ET.    Do you have specific questions about Exposure Analytics or how to leverage it within your security operations? Join our open Office Hours session, an AMA designed for users of all skill levels. Bring your unique scenarios, deployment questions, or specific use cases directly to our Splunk experts. Submit your questions in the sign-up form to the right of the page and we will tackle them live! What can I ask in this AMA session? How is Exposure Analytics integrated into Splunk Enterprise Security? Is Exposure Analytics available for all Splunk ES customers? Any additional capabilities for ES Premier users? How can I use Exposure Analytics to accelerate investigations? Any extra steps required to bring data onboard to Exposure Analytics? What configuration steps does my admin need to take to get Exposure Analytics up and running for the team? Anything else you’d like to learn! Please submit your questions at registration. You can also head to the #office-hours Community Slack channel to ask questions (sign-in with SSO here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. We look forward to connecting with you!
Cover Images - Office Hours.png
From Alert Storms to Signal: Live Q&A on Reducing Noise Across Your Network
Wednesday, July 15, 2026
[Register here - coming soon!] This thread for the Community Office Hours session on From Alert Storms to Signal: Live Q&A on Reducing Noise Across Your Network on Wed, June 3rd, 2026 at 11am PT / 2pm ET.  Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics.  What can I ask in this AMA?  What are the top three indicators you recommend we prioritize when trying to identify which alerts are genuine service-impacting events versus standard "noisy" background telemetry? In ITSI, what is the best practice for balancing static thresholds versus adaptive thresholding to ensure we aren't missing anomalies while keeping noise levels manageable? What are the most effective strategies for configuring Notable Event Aggregation Policies to group related alerts without losing the critical context needed for troubleshooting? How can we better leverage ITSI to map alerts to the correct teams, especially when a single issue spans multiple domains like application, infrastructure, and network? What are your recommendations for integrating ITSI notable events with downstream tools (like PagerDuty or ServiceNow) to ensure that only truly actionable alerts trigger an on-call page? How can we use the data captured in ITSI after an incident to refine our correlation searches and prevent similar "alert storms" from recurring in the future? Please submit your questions at registration or as comments below. You can also head to the #office-hours Community Slack channel to ask questions (log-in with SSO here).   Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants.  Look forward to connecting! 
Screenshot 2026-05-18 at 13.00.30.png
Labels (3)
Splunk MCP Server: Ask me Anything
Thursday, July 23, 2026
[Register HERE]. This thread is for the Community Office Hours session on Splunk MCP Server: Ask Me Anything on Thurs, July 23, 2026 at 11:00 AM PT / 2:00 PM ET. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics. In this session, we’ll focus on Splunk MCP Server and how it helps connect AI assistants and agents with Splunk through a secure, standardized interface. Join us to learn how to get started, understand key prerequisites and permissions, explore admin capabilities, and see how MCP Server can help users explore Splunk. What can I ask in this AMA? What is Splunk MCP Server and why is it useful? How can I get started with MCP Server? What prerequisites or permissions do I need before using MCP Server? What Admin capabilities does Splunk MCP Server provide? How can MCP Server help me explore Splunk data and run SPL searches? What are some common use cases for MCP Server across security, observability, and platform workflows? Anything else you’d like to learn about MCP Server! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (sign in with SSO here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Cover Images - Office Hours (32).png
Labels (3)