Splunk Enterprise

Ask a Question

Discussions

Thread Info

Python Error After Upgrading from 8.2.2.1 to 9.0.2

Our Dev Splunk instance was recently upgraded from Splunk Enterprise 8.2.2.1 to 9.0.2. I am getting the following e...

by Path Finder in

Upgrade Splunk Universal forwarder version from 8.1 to 9.0 directly?

Hi Team, We are now migrated to Splunk cloud platform version 9.0.x and the logs we are collecting from differe...

by Explorer in

how to add a column

Hi , needed a help. i need to add a column that is added newly to the sql data.below is the query| savedsearch ABC| j...

by Path Finder in

multiple lines are coming as single event

Hi Team, I am collecting metrics using API calls for every 5 minutes , but all the metrics are coming as a s...

by Path Finder in

Search help please

Good morning!! I am a Beginner in Splunk, below query only tell me whether HF is DOWN or HEALTHY. +++++++++++++++++...

by Explorer in

Multivalue field problem Is there any way to use without "mvexpand"

IDcurr_rowcomparison_result19Turn onequal191245equal191245equal191245equal191245equal191245equal191245equal20Turn onn...

by Path Finder in

Is this how hot/warm buckets on nutanix object store and worm work?

Hi I am writing the implementation document for Splunk on Nutanix. Thinking about backup for disaster recovery, d...

by Path Finder in

Why is Savedsearch giving only partial results?

I have a saved search pushed to my splunk app. The search only gives me partial events searched (9k events ),...

by Loves-to-Learn Lots in

Custom REST Endpoints not working?

We have created the custom REST endpoints and its working in Splunk server 8.1.3.But same REST end point is not worki...

by Explorer in

How to create and set up indexer?

Hello, I’m trying to set up a cluster and I know that I need to have an indexer set up, however, I have no idea how t...

by Engager in

How do I set up 2 peer nodes in my environment?

Hello, I'm trying to set up 2 peer nodes in my environment, however, every time I go and enable the peer node it give...

by Engager in

Why am I unable to ingest xml data into Splunk?

I am tring to ingest xml file data using below inputs.conf configuration. I am unable to ingest the data. i am not...

by Explorer in

About Parsing on Splunk- help with props.conf and stransforms.conf?

i have ingested logs on univesral forwarder by creating file under/var/log/filename .log & connected to heavy forward...

by New Member in

Why receiving error"This dashboard version is missing. Update the dashboard version in source" after upgrading on prem?

We recently upgraded our on prem Splunks to version 9.0.0 and now any time we click on our home grown Dashboards we g...

by Contributor in

How do I make a Custom dashboard with js?

Hello everyone, I need some help with a spl request. <row><panel><title>SUIVI DES FLUX - TRANSMISSION...

by Path Finder in

Smartstore with S3 - how to authenticate AWS EKS v1.24+ with Splunk 9.0.* and Smartstore ?

Hi, we have been running indexer pods with Smartstore on S3 for a while without problems. When upgrading to AWS EKS...

by New Member in

Tabs in Dashboard Studio- Is there a way to implement multiple tabs/pages for a single dashboard?

Is there a way to implement multiple tabs/pages for a single dashboard? I have previously asked how to do this and I ...

by Explorer in

Will my ITSI setting work- itsi_notable_event_retention.conf?

does setting the following configuration in itsi_notable_event_retention.conf will send the events if limit is reache...

by Explorer in

Oracle Linux 7 Glibc issue and solution

Upgrading glibc package version 2.17-326.0.5.el7_9 on Oracle Linux 7 can cause crashes. Please see https://github....

by Splunk Employee in

SavedSearch API - Update my splunk report

I need an API call to run a Splunk report that has already been saved and add the most recent values to the repor...

by Loves-to-Learn Lots in

How to create a search to join two query's for common values to populate results in table?

"my base query 1 to Total _count_of_sucess_transactions" | rex "URI\s*(?<URI>[^\=\n]+)" "my ba...

by Communicator in

Is it possible to have alerts and reports assigned to nobody as owner?

would there ever be a scenario where its acceptable to have enabled alerts and or reports running which are not assig...

by Contributor in

Eventgen: How to create a frequency based on timestamp?

Hello ! I would like to generate a drop down of data during a specfic hour. Let's say 2pm here is my eventgen.con...

by Explorer in

Is there a version that doesn't have high CPU usage like in 9.0.2?

Hi Community, I have upgraded the Splunk cluster to version 9.0.2 and noticed high CPU usage in the cluster s...

by Contributor in

How can we implement read only columns in the Splunk App for Lookup File Editing?

We are using Splunk Enterprise 9.0.1 OnPrem, with Splunk App for Lookup File Editing version 3.6.0.We need to get a u...

by Communicator in

Get Updates on the Splunk Community!

Splunk Enterprise

Discussions

Python Error After Upgrading from 8.2.2.1 to 9.0.2

Upgrade Splunk Universal forwarder version from 8.1 to 9.0 directly?

how to add a column

multiple lines are coming as single event

Search help please

Multivalue field problem Is there any way to use without "mvexpand"

Is this how hot/warm buckets on nutanix object store and worm work?

Why is Savedsearch giving only partial results?

Custom REST Endpoints not working?

How to create and set up indexer?

How do I set up 2 peer nodes in my environment?

Why am I unable to ingest xml data into Splunk?

About Parsing on Splunk- help with props.conf and stransforms.conf?

Why receiving error"This dashboard version is missing. Update the dashboard version in source" after upgrading on prem?

How do I make a Custom dashboard with js?

Smartstore with S3 - how to authenticate AWS EKS v1.24+ with Splunk 9.0.* and Smartstore ?

Tabs in Dashboard Studio- Is there a way to implement multiple tabs/pages for a single dashboard?

Will my ITSI setting work- itsi_notable_event_retention.conf?

Oracle Linux 7 Glibc issue and solution

SavedSearch API - Update my splunk report

How to create a search to join two query's for common values to populate results in table?

Is it possible to have alerts and reports assigned to nobody as owner?

Eventgen: How to create a frequency based on timestamp?

Is there a version that doesn't have high CPU usage like in 9.0.2?

How can we implement read only columns in the Splunk App for Lookup File Editing?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

AI toolkit app 2890

Assistance Needed: Pulling Data from Splunk Enterp...

issue on splunk deployment server forwarder manage...

Deployment Manager フォワーダー管理でエージェントが表示されない

otel not pushing data to on-prem splunk

Splunk Enterprise

Are you a member of the Splunk Community?

Discussions