| | Is there is any Query to check whether the indexers status is down, up or in unknown state . I can check in monito... 0 4 | 0 | 4 | |
| | I'm planning to upgrade upgrade splunk environment now.3 shcluster - 3 index cluster - 2 heavy forwarder - 1 master. ... 0 5 | 0 | 5 | |
| | Hello, I have a bash script that basically creates a cronjob. Not sure if this is allowed or not but I am able to exe... 0 4 | 0 | 4 | |
| | Q: Need to forward the data from all the indexes (Windows, Linux, etc...) to CyberArk PTA via Syslog or any other fro... 0 11 | 0 | 11 | |
| | HelloUsing Splunk 9.3.2What does this error mean ?ERROR TcpOutputFd [ TcpOutEloop] - Expecting to be in eWaitCapabili... 0 3 | 0 | 3 | |
| | Description:I am using a Splunk Heavy Forwarder (HF) to forward logs to an indexer cluster. I need to configure props... 0 13 | 0 | 13 | |
| | | 0 | 3 | |
| | As the computer laptop field continues to grow the use of ARM based chips for Windows 11, is there an ETA on a Splunk... 0 1 | 0 | 1 | |
| | Teamam looking for some suggestions or insights Patch Automation through Ansible , Terraform 0 1 | 0 | 1 | |
| | Hi all,My customer would like to use Smartstore with on prem S3 storage(Storagegrid) and then tier the older data(aft... 0 2 | 0 | 2 | |
| | Hi,I have a python modular input that populates an index (index_name). This ran into some gateway error issues causin... 0 1 | 0 | 1 | |
| | I am trying to identify the user or process responsible for stopping the Splunk UF agent. What log source do I requir... 0 2 | 0 | 2 | |
| | Dear fellas,I have an issue on Monitoring Console that show wrong information of instance after upgrade from 9.2.2 up... 0 6 | 0 | 6 | |
| | I have configured an app and added 7 different source files in a single inputs.conf with the same index name and sour... 0 6 | 0 | 6 | |
| | Hi, We have configured a data input in HF and there is an option to select index there. I have created new index in C... 0 35 | 0 | 35 | |
| | I'm trying to extract endpoint data from Cortex XDR, but I don't want to see just alerts in Splunk—I need all the end... 0 3 | 0 | 3 | |
| | I am having difficulty converting event logs to metric data pointshttps://docs.splunk.com/Documentation/Splunk/9.4.0/... 0 1 | 0 | 1 | |
| | Splunk Cloud had an update this past Sunday, 3 Mar 2025. Since then, admins are unable to change a user's role. Is th... 0 5 | 0 | 5 | |
| | HelloUsing Splunk 9.3.2I want to deploy an app to all Windows UF only. This config doesn't work. [serverClass:scalluf... 0 2 | 0 | 2 | |
| | I'm new in Splunk and have a test environment contains search head cluster with three Splunk 9.0.1 instances: one dep... 0 2 | 0 | 2 | |
| | I have 3 new splunk enterprise. 2 are acting as search heads and 1 is acting as deployer.I have successfully made the... 0 2 | 0 | 2 | |
| | I want to send the all the event to nullqueue except having match "EventType": 5000. {"EventID": 2154635, "EventType"... 0 5 | 0 | 5 | |
| | input: {author=John, book=Splunk } output table author book John Splunk 0 4 | 0 | 4 | |
| | The current version is not available for the cloud.According to conversations with Splunk Support, the update address... 0 3 | 0 | 3 | |
| | Hello there. I would like to ask about Splunk best practices, specifically regarding cluster architecture. One sugges... 0 2 | 0 | 2 | |
