We've got some exciting news for you... Splunk Community Office Hours has officially launched!     What is Community Office Hours? Community Office Hours is a new bi-weekly zoom series where technical Splunk experts answer questions and provide how-to guidance on a different topic every month.  Our Splunk experts are here to support you wherever you are in your journey to building digital resilience - whether you’re working through onboarding initiatives or you’re rolling out and optimizing use cases.  This is your opportunity to ask questions related to your specific challenge or use case.    Register Now! You must register to attend a session. But spots are limited to ensure an intimate and interactive session. So be sure to register before it’s too late!  Upcoming Office Hours  March: Getting Data In (GDI) to Splunk Platform Getting Data In: Session 1: Wed, March 15th – 1:00 pm PT / 4:00 pm ET Getting Data In: Session 2: Wed, March 29th – 1:00 pm PT / 4:00 pm ET April:  Dashboards & Dashboard Studio Dashboards: Session 1: Wed, April 5th – 1:00 pm PT / 4:00 pm ET [Special - Dashboard Studio Challenge] Dashboards: Session 2: Wed, April 19th – 1:00 pm PT / 4:00 pm ET   Head to the Community Office Hours page to view a list of upcoming sessions.   FAQ's When are the sessions?  There will be two 30-minute sessions per month. Each month will cover a different topic. You can join us live to listen in and ask questions, or watch the recordings at your convenience.  Who should attend? Sessions are designed for onboarding and early-maturity customers, but are open to anyone interested in gaining a deeper knowledge of Splunk Platform in a live, interactive environment. Registration is required, but spots are limited! We want to ensure a more intimate and interactive experience.  Who's leading the discussion? Subject matter experts from various Splunk technical, product, and support teams will be staffing the sessions. What’s covered in these sessions? Each 30-minute session will walk you through solutions to your questions around a different topic every month: 20-25 mins: Splunk experts walk participants through solutions to pre-submitted Qs.  5-10 mins: open Q&A, where participants can unmute or post their Qs in the chat. In general, we'll target 5 minutes per question to help us get to everyone.  How do I submit a question? Please submit your questions in advance by:  Posting a comment in the associated event session thread in Community (linked above), or  Posting in the #office-hours user Slack channel (request access here). Please note: We will prioritize pre-submitted questions first, then will open the floor up to live Q&A.  We will prioritize questions with high engagement - so be sure to upvote your favorite questions! While we will attempt to answer all questions, we are limited on time.   Don't miss your chance to gain valuable insights and knowledge from the Splunk experts themselves.  See you there! - Baylie Depp, Community Office Hours Team ... View more

This blog post is part 4 of 4 in a series on Splunk Assist. Click the links below to see the other blog posts. Part 1: What is Splunk Assist? Part 2: Certificate Assist: Identify and Mitigate Certificate Expiry Issues Part 3: Config Assist: Set Up a More Secure Splunk Configuration Part 4: App Assist: Keep Your Enterprise Apps Up-to-Date  In this blog post, we’ll dive into one of the features within Splunk Assist, called App Assist. First, What is Splunk Assist?  (in case you missed it) Splunk Assist is a free, cloud-connected service for Splunk Enterprise. Assist inspects your deployment for security risks, and using telemetry data sent to Splunk Cloud, provides cloud-powered insights and recommendations.  It improves your security posture by helping identify unpatched applications, expiring TLS certificates, and insecure configuration settings. With Splunk Assist you’ll be given recommendations that you can act on immediately to make your deployment even more secure. Based on our initial estimates, the insights and recommendations in Assist may also help reduce admins’ efforts spent on platform management tasks by 25%. What is App Assist? App Assist helps to keep your apps up-to-date and secure. Have you ever installed an app on your Splunk deployment, stopped using it, and as a result never upgraded? This happens to over 50% of our self-managed customers.  App Assist inventories and highlights older versions of your Splunkbase apps running on your search heads that might be missing critical security patches in newer versions. It lists a ranked order of currently deployed apps and add-ons (from Splunkbase) based on version gap and nodes they’re installed on. App Assist displays the list of the apps that need to be updated and instructions to download the latest version. In the screenshot above we see a returned list of apps that ought to be updated or disabled for optimal deployment security. Additional Resources: Config Assist documentation Full detailed blog  Splunk Assist Tech Talk  Questions or feedback? Contact the team at ssg-splunk-assist@splunk.com — Baylie Depp, Product Marketing Manager ... View more

This blog post is part 3 of 4 in a series on Splunk Assist. Click the links below to see the other blog posts. Part 1: What is Splunk Assist? Part 2: Certificate Assist: Identify and Mitigate Certificate Expiry Issues Part 3: Config Assist: Set Up a More Secure Splunk Configuration  Part 4: App Assist: Keep Your Enterprise Apps Up-to-Date In this blog post, we’ll dive into one of the features within Splunk Assist, called Config Assist. First, What is Splunk Assist?  (in case you missed it) Splunk Assist is a free, cloud-connected service for Splunk Enterprise. Assist inspects your deployment for security risks, and using telemetry data sent to Splunk Cloud, provides cloud-powered insights and recommendations.  It improves your security posture by helping identify unpatched applications, expiring TLS certificates, and insecure configuration settings. With Splunk Assist you’ll be given recommendations that you can act on immediately to make your deployment even more secure. Based on our initial estimates, the insights and recommendations in Assist may also help reduce admins’ efforts spent on platform management tasks by 25%. What is Config Assist? Config Assist helps you identify and apply more secure configurations to keep your environment safe.  Do you wonder if your setup is the most secure it could be? Do you worry about when the newest vulnerability patch will come out, or when you should run another security check across all your nodes? Fret no more! Config Assist displays a ranked list of over five security postures across seven *.conf files, along with actionable recommendations to fix those settings. The rankings include critical, warning and conforming, in order of most to least severe. Check out the “security score” to see any configurations that need changing, copy-paste the automation/help text to fix the vulnerability, and you are good to go. In the above picture, we see that of the 60 indicators in this deployment, 6 are critical and 6 have been issued a warning. Config Assist scans and reports on 25+ security configuration parameters across multiple .conf files to help enhance your security posture for search heads and indexers.  Additional Resources: Config Assist documentation Full detailed blog  Splunk Assist Tech Talk  Questions or feedback? Contact the team at ssg-splunk-assist@splunk.com — Baylie Depp, Product Marketing Manager ... View more

This blog post is part 2 of 4 in a series on Splunk Assist. Click the links below to see the other blog posts. Part 1: What is Splunk Assist? Part 2: Certificate Assist: Identify and Mitigate Certificate Expiry Issues  Part 3: Config Assist: Set Up a More Secure Splunk Configuration Part 4: App Assist: Keep Your Enterprise Apps Up-to-Date In this blog post, we’ll dive into one of the features within Splunk Assist, called Certificate Assist. First, What is Splunk Assist?  (in case you missed it) Splunk Assist is a free, cloud-connected service for Splunk Enterprise. Assist inspects your deployment for security risks, and using telemetry data sent to Splunk Cloud, provides cloud-powered insights and recommendations.  It improves your security posture by helping identify unpatched applications, expiring TLS certificates, and insecure configuration settings. With Splunk Assist you’ll be given recommendations that you can act on immediately to make your deployment even more secure. Based on our initial estimates, the insights and recommendations in Assist may also help reduce admins’ efforts spent on platform management tasks by 25%. What is Certificate Assist? Certificate Assist allows you to identify and mitigate certificate expiry issues. Remember those hundreds and thousands of forwarders that you have to manage and track certs for? No more!  Assist scans for TLS certificates in use with a Splunk deployment across all node types, including search heads, indexers, and forwarders. Assist will not only keep track of the expiry date for you but will also warn you and tell you exactly which node has the expired certifications.  Admins can now easily assess and address issues related to certificates before they expire and prevent outages or missing data.  The Certificate Assist overview page lists warnings of certification expiries with suggested actions to take. It displays a ranked order list of certification issues based on the closest expiration date. From here, you can also view and export a list of SSL certificates due to expire soon. See below for a screenshot of what the Certificate Assist page view looks like: The benefit of Certificate Assist is that you proactively avoid the pain of losing connectivity when certificates expire. Additional Resources: Certificate Assist documentation Full detailed blog  Splunk Assist Tech Talk Questions or feedback? Contact the team at ssg-splunk-assist@splunk.com. — Baylie Depp, Product Marketing Manager ... View more

This blog post is part 1 of 4 in a series on Splunk Assist. Click the links below to see the other blog posts. Part 1:  What is Splunk Assist? Part 2: Certificate Assist: Identify and Mitigate Certificate Expiry Issues Part 3: Config Assist: Set Up a More Secure Splunk Configuration  Part 4: App Assist: Keep Your Enterprise Apps Up-to-Date Are you worried about whether your deployment is secure? Are you tired of keeping track of all security vulnerabilities? What about making sure that your hundreds of certificates are not expired? You’re not alone! What is Splunk Assist?  Splunk Assist is a free, fully-managed service that brings the power of Splunk Cloud management insights to Splunk Enterprise deployments - putting your telemetry data to work!  Splunk Assist provides you with a single place to continuously monitor your deployment and take actions on recommendations to improve your security posture. Admins receive cloud-powered recommendations to change configurations and make necessary updates to Splunkbase apps to enhance security. It helps you identify unpatched applications, expiring TLS certificates, and insecure configuration settings.  Based on our initial estimates, the insights and recommendations in Assist may help reduce admins’ efforts spent on platform management tasks by 25%. This time back will allow admins to spend more time on extracting value out of Splunk. In this screenshot we see an overview of the Splunk Assist dashboard which you can find by navigating to the Monitoring Console. Splunk Assist comes with three helper packages: App Assist: Monitors the apps in your deployment to ensure they are up-to-date and secure. Certificate Assist: Identifies certificate expiry issues and provides suggested actions to mitigate certification expiries according to Splunk security best practice. Config Assist: Monitors the configurations in your deployment and provides insights about those configurations according to Splunk best practices. How Do I Set Up Splunk Assist?  Splunk Assist operates as part of the Monitoring Console. It comes with Splunk Enterprise version 9.0 and higher, and you do not have to download or install anything to use it.  There are four easy steps to enable Assist for your deployment (see How to configure Splunk Assist for more details): Enable support usage data (SUD): SUD is needed for Assist to collect telemetry data to provide custom insights (for information on how Splunk uses usage data and how to opt into sharing that data for use by Splunk Assist see Share performance and usage data). Update network settings: Open port 443 and allow outbound traffic to *.scs.splunk.com Configure the Cloud Monitoring Console (CMC), if you have not already (multi-instance deployment setup steps). Enable Assist: Click the "Turn on Splunk Assist" button and you’re good to go! Additional Resources: Splunk Assist documentation Full detailed blog Splunk Assist Tech Talk  Questions or feedback? Contact the team at ssg-splunk-assist@splunk.com. — Baylie Depp, Product Marketing Manager ... View more