Monitoring Splunk

Community Activity

Detecting Unused Index and Reducing Splunk Log Size Is there a way to detect unused indexes in Splunk via a query? Also, how can we control the growth of log sizes effec... by megha_04 New Member in Monitoring Splunk 06-05-2025 0 3	0	3
How to fetch the date passed in the input token to the search. Hi Team Can you please let me know why i am not able fetch the base_date in the dashoard using the below logic. Pleas... by Real_captain Path Finder in Monitoring Splunk 06-05-2025 0 3	0	3
Monitor for delete attempts Hello,Our company has gone through an audit and one of the auditors has asked us to monitor attempts to delete record... by BB2 Explorer in Monitoring Splunk 05-29-2025 0 11	0	11
How do i create diag file on Splunk edge processor Need assistance to create diag file on splunk edge processor by Mahendra_Penuma New Member in Monitoring Splunk 05-20-2025 0 2	0	2
KVStorageProvider max_size_per_result_mb limit Hello Splunkers,Good Day! I'm getting this error consistent. Out of confusion, those this mean it's the estimated KVS... by whitefang1726 Path Finder in Monitoring Splunk 05-20-2025 0 2	0	2
Does Linux universal forwarder use kernel hook technology? Such as eBPF? Does Linux universal forwarder use kernel hook technology? Such as eBPF?The forwarder version is 8.2.1. by xiyangyang Path Finder in Monitoring Splunk 05-19-2025 0 4	0	4
MSSP reporting Hi all,I’ve recently encountered several challenges since migrating to Splunk Mission Control (MS) and would apprecia... by 666Meow Explorer in Monitoring Splunk 05-15-2025 0 0	0	0
Splunk SOAR dashboard for monitoring Hey Everyone,I would like to build a dashboard or use any pre-defined one in order to collect all the details of the ... by spluser1 Loves-to-Learn in Monitoring Splunk 05-11-2025 0 2	0	2
How parsing log increase size of raw log? Is the size of log after being stored in buckets compared to its raw size a metric I should monitor?This question cam... by Na_Kang_Lim Path Finder in Monitoring Splunk 05-09-2025 0 1	0	1
Is there a way to dynamically control the severity of an alert? We would like to dynamically populate the severity field, is it possible? by danielbb Motivator in Monitoring Splunk 04-29-2025 0 3	0	3
How to avoid sending an empty report? Is there a way to avoid sending an empty report? I'm thinking about converting the report to an alert but the custome... by danielbb Motivator in Monitoring Splunk 04-29-2025 0 2	0	2
Late indexed Hello Splunkers!!Issue DescriptionWe are experiencing a significant delay in data ingestion (>10 hours) for one index... by uagraw01 Motivator in Monitoring Splunk 04-24-2025 0 8	0	8
windows events id's gap We have noticed that some Windows Domain Controller server event logs are not appearing in the Splunk search.For exam... by mshakeb Loves-to-Learn Everything in Monitoring Splunk 04-14-2025 0 2	0	2
How can we find the missing events in splunk Hi,Splunk hasn't captured the 4743 events, indicating computer account deletions that occurred yesterday at 2 pm. Whe... by AL3Z Builder in Monitoring Splunk 04-14-2025 0 11	0	11
Splunk supported S2S protocols and enableOldS2SProtocol (oldest protocol) explained Are you recommending enableOldS2SProtocol=true?Are you implementing enableOldS2SProtocol=true?If yes, read below.Spl... by hrawat Splunk Employee in Monitoring Splunk 04-11-2025 4 3	4	3
Any idea what is causing high memory usage in indexers? We have distributed environment with 4 Splunk Indexers which are consuming high memory . It reaches to 100% and remai... by Ashwini008 Builder in Monitoring Splunk 04-10-2025 0 6	0	6
How to fetch the events with the time greater than the time of the 1st event in the dashboard ? Hi Team Can you please let me know how it is possible to fetch the events with the time greater than the time of the ... by Real_captain Path Finder in Monitoring Splunk 04-07-2025 0 14	0	14
Optimizing the expensive saved searches Hi,I am seeking recommendations on optimizing the most resource-intensive saved searches in my Splunk Cloud instance ... by tech_g706 Path Finder in Monitoring Splunk 04-04-2025 0 4	0	4
Restrict users to see their logs (with config IDs) only We have security logs coming to Splunk using data input configuration in Splunk.. The logs have a field called securi... by splunklearner Communicator in Monitoring Splunk 04-03-2025 0 17	0	17
How to fetch the status of an application having multiple jobs ? HI Team Can someone please help me to find how we can fetch the status of the application A1 having 5 jobs (Job1 , Jo... by Real_captain Path Finder in Monitoring Splunk 04-03-2025 0 12	0	12
Get License limit Hello,I'm building a search to get alerted when we go over the license. I have a search that is working well to get t... by lux209 Explorer in Monitoring Splunk 04-03-2025 0 9	0	9
Issue with SHC and Bundle Hello,I have a problem that I can't solve.I have a shcluster with 4 members (including the Captain) and splunk versio... by Treize Path Finder in Monitoring Splunk 04-01-2025 0 5	0	5
POST to /splunkd/__raw endpoint returns CSRF validation failed Hello, I have a confusing issue with the Splunk endpoint POST method execution. Every time I'm trying to send a GET... by louisjannett Engager in Monitoring Splunk 03-27-2025 2 3	2	3
How to determine what is filling the srtemp folder? Lately our searchheads will run into issues where the srtemp folder baloons to 80+GB and fills the local hard drive. ... by briancronrath Contributor in Monitoring Splunk 03-26-2025 0 1	0	1
KVStore error We get these messages. For exmaple dbconnect doesn't work anymore... how could i solve this?03-11-2025 12:09:07.792 +... by Germaine1989 Engager in Monitoring Splunk 03-19-2025 0 7	0	7