Splunk Enterprise

Ask a Question

Discussions

Thread Info

Heavy Forwarder server unable to list established port 9997 from universal forwarder

by Observer in

Problem with DEPLOYMENT after downgrading from 9.4.x to 9.1.9

Hi there. I got a really hard problem after updating to 9.1.9.DS completely broke, can't manage it anymore. ...

by Builder in

Splunk ES Not Generating Notable Events from BOTSv1 (nessus, suricata) Data

I am trying to test Splunk Enterprise Security (ES) by feeding it sample data, but I am unable to get any Notable Eve...

by Explorer in

Can we migrate the configurations from DB Connect 3.2.0 to 4.1.1?

We’re planning to upgrade DB Connect from 3.2.0 and want to confirm if existing configurations (identities, connectio...

by Motivator in

cgroup error when Splunk Universal Forwarder v9.4.4 is installed

Hello, I wanted to test UF v9.4.4 and installed it on RHEL8 and RHEL9 instances. UF v9.4.4 seems to work in our en...

by Loves-to-Learn Everything in

How can I find the list of Splunk versions that are compatible with Red Hat 9.6?

Where can I find the Splunk version compatibility list for RHEL 9.6?

by Explorer in

KVSTORE problem updating from 9.1.x to 9.4.4

Hello.Another great problem.I tested the update on a clean install, 9.1.0 (empty, default) to 9.4.4, and all worked f...

by Builder in

Splunk Entreprise Max Upload issue

Hello Folks, I am currently using Splunk Entreprise10.0.0 on ubuntu , I am trying to upload an app manually but it ...

by Explorer in

9.4.5: SearchHead Cluster csv notification!!!

Hello. Installed today a little environment with 3 SHs in Clustered ENV with a full clean 9.4.5 installation. The...

by Builder in

can't start splunkweb

My splunkweb can't start and on web_service.log show:2025-10-24 15:53:53,423 ERROR [68fb3e92b912c89de7070] root:764 -...

by Loves-to-Learn in

How to get data from splunk with REST API?

Hey together, I'm trying to fetch data from splunk via REST API in a react application. When I try to create ...

by Engager in

How to get SharePoint online list data to Splunk Enterprise?

can anyone share me how to get data from SharePoint Online List to Splunk Enterprise. I have to get user custom ac...

by Observer in

Search head taking too much CPU, slowing down machine

Hello, My installation is the following: a cluster of three search head and three indexer all set on different serv...

by Observer in

Issues with Splunk Universal Forwarder Sending Security Logs After Upgrade to 10.0

Hi Splunk Community, I recently upgraded my Splunk Universal Forwarders from version 9.4.3 to 10.0, and since the u...

by New Member in

Issue with notable index retention kept for 180 days but saving logs for 90 days

Dear, The issue with the notable index, we have configured the notable index with 18 mnths retention period and als...

by Loves-to-Learn Everything in

Sysmon events not being parsed — stuck as xmlwineventlog even with TA-microsoft-sysmon installed

As i am struggling to solve this issue since 3 days. Need help in solving this ASAP, tried everything used GenAI tool...

by Engager in

Splunk shows only 9 months (270 days) data- How do I increase the retention period?

Hi Everyone, I got a strange issue and unable to find a fix. All the indexes have a longer retention period but...

by Path Finder in

Splunk Enterprise MCP Access & Hosting

Has anyone successfully deployed MCP server with Splunk Enterprise in a production environment?If so how would you ha...

by Loves-to-Learn Lots in

Universal Forwarder Central Upgrade Server

Hi all. I really did never understand WHY Splunk Developments never take in mind to develop a Central Upgrader/Down...

by Builder in

Getting data in

Hi, I have a scenario where the heavy forwarder queue gets filled and data doesn't appear quickly in Splunk when th...

by Contributor in

Typo Found in "Edit server Classes" page in Splunk 10.0.1 (Server Class Management)

Hi Splunk Community, I found a minor typo on the "Edit server Classes" page in Splunk Enterprise version 10.0.1. ...

by Loves-to-Learn in

Why is there Forwarder Ingestion Latency Error?

I have splunk instance with 9.0.3 version and my splunk keeps throwing error in Forwarder Ingestion Latency with Root...

by Explorer in

Upgrade Splunk Enterprise 8.1.x to 9.2

Hi, As the title suggests, I want to "revive" a Splunk lab in our company, which was running on version 8.1.2. My...

by Path Finder in

Deploying DB Connect in a search head cluster.

I have a splunk distributed system with 3 indexers, 3 search heads, a manger, and 2 heavy forwarders. I am attemptin...

by Path Finder in

issue on splunk deployment server forwarder manager

hi , in my company we are using splunk enterprise in cluster struct , i recently update my servers not splunk after t...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise

Discussions

Heavy Forwarder server unable to list established port 9997 from universal forwarder

Problem with DEPLOYMENT after downgrading from 9.4.x to 9.1.9

Splunk ES Not Generating Notable Events from BOTSv1 (nessus, suricata) Data

Can we migrate the configurations from DB Connect 3.2.0 to 4.1.1?

cgroup error when Splunk Universal Forwarder v9.4.4 is installed

How can I find the list of Splunk versions that are compatible with Red Hat 9.6?

KVSTORE problem updating from 9.1.x to 9.4.4

Splunk Entreprise Max Upload issue

9.4.5: SearchHead Cluster csv notification!!!

can't start splunkweb

How to get data from splunk with REST API?

How to get SharePoint online list data to Splunk Enterprise?

Search head taking too much CPU, slowing down machine

Issues with Splunk Universal Forwarder Sending Security Logs After Upgrade to 10.0

Issue with notable index retention kept for 180 days but saving logs for 90 days

Sysmon events not being parsed — stuck as xmlwineventlog even with TA-microsoft-sysmon installed

Splunk shows only 9 months (270 days) data- How do I increase the retention period?

Splunk Enterprise MCP Access & Hosting

Universal Forwarder Central Upgrade Server

Getting data in

Typo Found in "Edit server Classes" page in Splunk 10.0.1 (Server Class Management)

Why is there Forwarder Ingestion Latency Error?

Upgrade Splunk Enterprise 8.1.x to 9.2

Deploying DB Connect in a search head cluster.

issue on splunk deployment server forwarder manager

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Search History not loading on one node

AI toolkit app 2890

Deployment Manager フォワーダー管理でエージェントが表示されない

otel not pushing data to on-prem splunk

Installing additional software with splunk-ansible...

Splunk Enterprise

Are you a member of the Splunk Community?

Discussions