Splunk Enterprise

Community Activity

What is the best way to set up ouptuts.conf in a clustered environment? There a about 3 ways to set up outputs.conf and when you trying to setup forwarders. you can either do a cli entry ... by domino30 Path Finder in Splunk Enterprise 03-24-2025 0 2	0	2
Conditional tagging on an intermediate forwarder I have a configuration where I have an intermediate forward that is forwarding logs to central indexer that I do not ... by MichaelM1 Explorer in Splunk Enterprise 03-24-2025 0 13	0	13
Privilege checks for Script Hello, teamI've made script, which uses the sudo command. I've deployed it on my forwarders and I get the error:messa... by msmadhu Path Finder in Splunk Enterprise 03-23-2025 0 14	0	14
restrict a role by source IP Hello, is it possible to restrict Splunk roles by source IP?example:Splunk role: my_user_role, allowed source IPs 172... by Andre_ Path Finder in Splunk Enterprise 03-23-2025 0 9	0	9
mvexpand is heavy is there another way HiI have the following data.I am looking to get a line per data, so I can work with it better.If I use mvexpand I hit... by robertlynch2020 Influencer in Splunk Enterprise 03-20-2025 0 13	0	13
frozenTimePeriodInSecs only takes effect on IDX restart Hello,I have defined a frozenTimePeriodInSecs for 1 hour on my IDX for a certain index, so that the logs it contains ... by MrLR_02 Explorer in Splunk Enterprise 03-20-2025 0 3	0	3
Does not meet: primacy & sf & rf There was a time when the indexer server shut down unexpectedly, And I've been struggle with indexer clustering rf & ... by blanky Explorer in Splunk Enterprise 03-19-2025 0 7	0	7
Finding Duration and formatting output I'm having trouble getting my duration into the format I'd prefer... I'd like to see the duration to be MM:SS. Howeve... by scottmkirkland Explorer in Splunk Enterprise 03-19-2025 0 6	0	6
time modifiers Here is the situationSearch web security appliance data (index=network sourcetype=cisco_wsa_squid) for non-businessac... by Sukhmeet New Member in Splunk Enterprise 03-19-2025 0 1	0	1
installing CA signed cert - TLS certificate is missing or invalid Hi,I am working on installing CA-signed (ssl.com) cert to a splunk enterprise instance, and keep hitting these two er... by Space_Crawler Observer in Splunk Enterprise 03-19-2025 0 3	0	3
Is saturation level fine as a preparation for additional HEC data stream? For our indexers, we see the following under 'Storage I/O Saturation (Mount Point)' - 0.90% (/opt/splunk) 6.56% (/ind... by danielbb Motivator in Splunk Enterprise 03-18-2025 0 1	0	1
How convert time format Hi , How to convert 2025-03-13T11:03:38Z to the "%d/%m/%Y %I:%M:%S ".I have tried this, but it didn't work.\| eval Las... by Nraj87 Explorer in Splunk Enterprise 03-17-2025 0 3	0	3
indexaccess on appcontext basis Hi splunkers,is it possible to restrict indexaccess to specific appcontext?like a user has read access to app a and w... by TheEggi98 Path Finder in Splunk Enterprise 03-14-2025 0 2	0	2
How configure idle time timeout in splunk web? How to set idle time, when the user has no activity for a long time, for example 15 minutes, then splunkweb will ask ... by imam29 Explorer in Splunk Enterprise 03-13-2025 0 6	0	6
Splunk log retention Hello,I would like to know if it possible to define the retention period for each type of log (Hot/Warm/Cold). For ex... by BRFZ Communicator in Splunk Enterprise 03-13-2025 0 1	0	1
Setting outlook.com as SMTP server for Splunk Hello All,My company is using Outlook (M365 Business Standard). I want to use this Outlook as SMTP server for Splunk.... by phamanh1652 Path Finder in Splunk Enterprise 03-13-2025 0 1	0	1
4688 event code to be excluded from universal forwarder directory path alone Tried below regex to blacklist OR ignore 4688 event codes from the *.exe coming from the splunk forwarder path/direct... by sureshkumaar Path Finder in Splunk Enterprise 03-13-2025 0 6	0	6
License violations due to expiration and after activate we can’t receive logs in SH Hello Team,Could you please assist me with resolving the issue of not seeing logs in SH after applying a new license?... by pacifiquen Explorer in Splunk Enterprise 03-13-2025 0 4	0	4
update transforms.conf and props.conf from an app Dear Members,I have a use case where I would need to update or insert configuration to transforms.conf, props.conf an... by wowbaggerHU Path Finder in Splunk Enterprise 03-11-2025 0 9	0	9
Upskilling suggestion As of now I am working in Splunk since 3 years. I am well versed with development and recently started working on adm... by splunklearner Communicator in Splunk Enterprise 03-10-2025 0 2	0	2
SSL certificate check with SNI (Server Name Indication) Hi I am looking for a SSL Certificate check that does SNI.I've tried Certificates-Expiry, I get results but doesn't s... by Andre_ Path Finder in Splunk Enterprise 03-09-2025 0 0	0	0
Data retention policy Hello,I currently deploy Splunk Enterprise and wanted to find out how to set a data retention policy for the index la... by Adamzeee123 Engager in Splunk Enterprise 03-09-2025 0 1	0	1
Splunk upgrade 9.3 to 9.4 mongodb error Hi AllUpgrading on prem from 9.3 to 9.4 and getting this error on mongod which Iv never had before:The server certifi... by Warren_Laya Explorer in Splunk Enterprise 03-08-2025 2 6	2	6
kvstore issue Hello Splunkers!!We are experiencing frequent KV Store crashes, which are causing all reports to stop functioning. Th... by uagraw01 Motivator in Splunk Enterprise 03-08-2025 0 8	0	8
Searches are not using earliest and latest time modifiers Hello, and I have another weird issue:When I execute a search on a SHC in the Search and Reporting App, getting data ... by TheJagoff Communicator in Splunk Enterprise 03-06-2025 0 1	0	1