Splunk Administration

Category Activity
mc_i02035
Hi, we have Dev and Prod Linux servers which contain Splunk agents. The infrastructure on Prod (V 8.2.2.1) contain...
by mc_i02035 Observer in Deployment Architecture 04-25-2025
0 5
rbal_splunk
We have Splunk Indexer cluster, where each of the indexers has over 200K buckets. During the upgrade using RPM, ther...
by rbal_splunk Splunk Employee in Installation 04-24-2025
0 3
xwill13
Hello, I am attempting to configure splunk to allow users to authenticate via CAC card using LDAP. However when I att...
by xwill13 Engager in Security 04-24-2025
0 17
hemant_lnu
We have one index os_linux which has 2 source types and I see props and transforms are written. Can you help me to under...
by hemant_lnu Engager in Getting Data In 04-24-2025
0 1
hrawat
Apply following workaround in default-mode.conf. Additionally you can also push this change via DS push across thousand...
by hrawat Splunk Employee in Getting Data In 04-24-2025
4 15
afx
The post question did include the answer, but then it could not be marked as an answer, therefore I pushed the conten...
by afx Contributor in Getting Data In 04-24-2025
3 28
fhatrick
Hi, I have created a new token and index in Splunk for my MuleSoft project. These are the configurations I have done i...
by fhatrick Loves-to-Learn in Getting Data In 04-24-2025
0 6
uagraw01
Hello Splunkers!! Issue Description: We are experiencing a significant delay in data ingestion (>10 hours) for one index...
by uagraw01 Motivator in Monitoring Splunk 04-24-2025
0 8
Karthikeya
We have installed Akamai add-on (https://splunkbase.splunk.com/app/4310) on our HF and installed Java and configured ...
by Karthikeya Communicator in Getting Data In 04-24-2025
0 2
davidco
We want to use splunk-library-javalogging to send logs via Log4j to Splunk Service Environment: Spark with log4j2 in ...
by davidco Loves-to-Learn in Getting Data In 04-23-2025
0 5
ProPoPop
Hello team! We have a problem with sending data from several Domain Controllers to our Splunk instance. We are collect...
by ProPoPop Loves-to-Learn Lots in Getting Data In 04-23-2025
0 2
gn694
Is there any way to tell whether data coming into Splunk's HEC was sent to the event or raw endpoint? You can't really...
by gn694 Communicator in Getting Data In 04-23-2025
0 4
Andre_
Hello, We have a few hundred hosts and a handful of customers. I have a csv file with serverName,customerID. I've been ...
by Andre_ Explorer in Getting Data In 04-23-2025
0 2
becksyboy
Hi All, Has anyone managed to map CrowdStrike Falcon FileVantage (FIM) logs to a Datamodel; if so could you share your...
by becksyboy Contributor in Getting Data In 04-23-2025
0 3
Splunkers2
Hi, I have onboarded palo-alto traffic and threat logs via HEC and SLS (Strata logging service). These logs are JSON ...
by Splunkers2 Observer in Getting Data In 04-23-2025
0 1
danielbb
For multiple sourcetypes, linecount is 2, while clearly, it should be 1. Has anybody encountered this case?
by danielbb Motivator in Getting Data In 04-22-2025
0 8
BogeyMan
Not sure this is even possible, but I'll ask anyway... I have application(s) that are sending JSON data into Splunk, f...
by BogeyMan Loves-to-Learn Lots in Getting Data In 04-22-2025
0 1
LukasO
Hello to the community, I try to query Splunk from an external SDK for which I am asking from our admins for a token...
by LukasO New Member in Deployment Architecture 04-22-2025
0 3
ws
Hi, Unsure what is the root cause as I was trying to do some minor adjustment to ignore the [ ] at the transforms.conf...
by ws Path Finder in Getting Data In 04-22-2025
0 3
rahulhari88
Hi, I have a 2 site architecture. Site 1 - 2 indexers, 2 ES SH. Site 2 - 2 indexers, 1 ES SH. All of them are in clusters. I wi...
by rahulhari88 Explorer in Deployment Architecture 04-22-2025
0 6
ws
Hi, I'm facing an issue where the same data gets indexed multiple times every time the JSON file is pulled from the FT...
by ws Path Finder in Getting Data In 04-22-2025
0 10
Mridu27
In earlier versions of Splunk I remember there used to be an option to disable active user and it will then show as st...
by Mridu27 Engager in Getting Data In 04-22-2025
0 3
tech_g706
Hi, I need recommendations on typo3 logs source type. By default, I set source type as "typo3" in inputs.conf but logs ...
by tech_g706 Path Finder in Getting Data In 04-21-2025
0 3
ws
I'm looking for a way to split a JSON array into multiple events, but it keeps getting indexed as a single event. I've...
by ws Path Finder in Getting Data In 04-21-2025
0 15
branmcd
Hi all, I’m planning to deploy the Splunk Attack Range in a cloud-based lab environment, likely in AWS or Azure. I nee...
by branmcd Observer in Security 04-18-2025
0 0