Splunk Enterprise

Community Activity

Splunk UI color customization or way to indicate splunk instances We are preparing to implement splunk enterprise in a 3 instance environment (DEV, QA and Production). Is there a way ... by jlundtristate Engager in Splunk Enterprise 04-01-2026 0 2	0	2
mongodb/kvstore v8 on splunk v10.2 - segfault on 6.19.x kernels Hi all,I just want to share some information: there seem to be an issue with mongod v8.0 with recentlinux kernels.htt... by schose Builder in Splunk Enterprise 03-30-2026 1 2	1	2
Splunk Field Extractor I am new to Splunk Enterprise and I have a question.when add new field extraction using Splunk Field Extractor, does ... by osama_11 New Member in Splunk Enterprise 03-30-2026 0 3	0	3
Half of my cluster is not authenticating after and update Yesterday I updated from Splunk ES 10.2.0 to 10.2.1. After the update I started seeing these errors in half of my si... by Jtorge Explorer in Splunk Enterprise 03-30-2026 0 7	0	7
How to calculate threshold for enable_memory_tracker with search_process_memory_usage_threshold? Hi everyone,I am looking for clarification on how Splunk calculates and enforces the search_process_memory_usage_thre... by Utkc137 Explorer in Splunk Enterprise 03-29-2026 0 2	0	2
Error when pushing cluster bundle to SHs Seeing this error on SHC-D when attempting to push bundle to SHs:Error while deploying apps to first member, aborting... by SplunkNinja Path Finder in Splunk Enterprise 03-27-2026 0 10	0	10
How can I on demand update user password on DB Connect without using UI SPLUNK Enterprise : version 10.0.2We shoud change password defined on an identity (Splunk DB Connect) every day and... by dchou314 Engager in Splunk Enterprise 03-26-2026 0 2	0	2
Splunk for SIEM I've been reading through some documents and its a bit confusing with the way Splunk brands their products: I am look... by acisac Explorer in Splunk Enterprise 03-26-2026 0 5	0	5
Check Point App for Splunk Hi,I am using the free app "Check Point App for Splunk" on Splunk Enterprise 9.4. Splunk Enterprise will be upgraded ... by theboss Engager in Splunk Enterprise 03-26-2026 0 3	0	3
Splunk ODBC Driver - Version Mismatch Issue (v3.1.2 reports as v3.1.1) Has any experienced the wrong version being displayed when installing ODBC version 3.1.2?The application displays as ... by FROS-CTR New Member in Splunk Enterprise 03-25-2026 0 0	0	0
to send more than 1 chart as pdf Hi,I have 2 simple queries:\| makeresults\| eval tmp1=1, tmp2=1\| table _time, tmp1, tmp2 \| makeresults\| eval tmp1=12, t... by spisiakmi Contributor in Splunk Enterprise 03-25-2026 0 2	0	2
All indexers are showing starting since half an hour after configuration push We will be modifying indexes.conf and props.conf in Deployment Server and will be pushing to Cluster Manager. When we... by splunklearner Communicator in Splunk Enterprise 03-24-2026 0 1	0	1
Regex if else condition posibilties I'm trying to extract fields using regex based on the condition.Below are the raw payload. {"group_id": "aa2211-3b22-... by ra_52194724 Explorer in Splunk Enterprise 03-23-2026 0 9	0	9
extract specific field i want to extract last word in resource_id field from below events. by ra_52194724 Explorer in Splunk Enterprise 03-21-2026 0 2	0	2
Test Universal forwarder connectivity with Deployement server on splunk enterprise Hi All,I am bit new to Splunk. In my current project, there are around 69,000+ universal forwarders. I need to perfo... by manchou0709 Explorer in Splunk Enterprise 03-20-2026 0 12	0	12
alerts@splunkcloud.com Hi , Can i Use this alerts@splunkcloud.com email for Splunk Enterprise on prem installed as alert sender email? by raymondteledata New Member in Splunk Enterprise 03-19-2026 0 4	0	4
Splunk Universal Forwarder - Linux Installation Hello, I read through the Universal Forwarder installation docs for the latest version of Splunk Universal Forwarder.... by trevorharris New Member in Splunk Enterprise 03-16-2026 0 2	0	2
Saved Searches not editable after upgrade to 10.2.X version Hi community I'm searching for your help.After the Splunk version upgrade from 10.0.1 to 10.2.1, I can't edit my aler... by herguzav Explorer in Splunk Enterprise 03-16-2026 1 3	1	3
6.5.3 UF Looking for the 6.5.3 (ya, i know old) universal forwarder windows msi so I can remove a corrupt install of it.Anyone... by jbruns2023 Engager in Splunk Enterprise 03-15-2026 0 1	0	1
UF directories structure Hello,On UF I've seen that we put pem certificates in etc/apps/myapp/default/dataOn our servers however I've seen som... by splunkreal Influencer in Splunk Enterprise 03-13-2026 0 2	0	2
in-place upgrade vs fresh install. Hi Team,My query is on in-place upgrade vs fresh install. I am new to splunk upgrade. my directory structure in linux... by Namo Explorer in Splunk Enterprise 03-13-2026 0 2	0	2
VMware Carbon black cloud '__cbc_version__' is not defined I am trying to connect my carbon black cloud to Splunk. I installed the prerequisite Splunk Common Information Model.... by mich Engager in Splunk Enterprise 03-13-2026 0 3	0	3
All Splunk internal indexes were disabled with red lock icons Dear All,All of the internal indexes of Splunk, (_audit, _internal, _introspection, _metrics, _telemetry, _thefishbuc... by coweatgrass14 Loves-to-Learn in Splunk Enterprise 03-12-2026 0 6	0	6
Does CVE-2025-3085 fixed on Splunk Enterprise V9.4.8 ? Does anyone know it the verion 9.4.8 fixed the CVE-2025-3085 of the build in MongoDB?MongoDB 5.0.x < 5.0.31 / 6.0.x <... by drychan New Member in Splunk Enterprise 03-11-2026 0 3	0	3
To send chart as a jpg, pdf with the saved search Hi,the problem is very simple.Idea: to send automatically the chart as an attachment via email using saved search or ... by spisiakmi Contributor in Splunk Enterprise 03-11-2026 0 2	0	2