We are noticing some random users search query is not reflecting host fields and other users from the same ROLE can see the host field with same query. . ... View more

We often encounter situations where a particular application begins generating unusually high volumes of logs for a specific source, sourcetype, or index. This can quickly lead to excessive license consumption and unplanned cost overruns. To address this, I am exploring an approach that provides more direct control to application owners or stakeholders—allowing them to decide whether log ingestion should be temporarily paused or approved for suspension. This could be achieved through an automated workflow where users receive an API-triggered notification or an email containing a decision link. With this model, we can prevent unnecessary license impact while ensuring that any action taken has explicit user consent. I’d appreciate your thoughts on this approach. ... View more

I am seeking recommendations on how to better control DDAS license consumption by identifying log patterns that are unnecessary and eliminating them before they reach the indexing layer, or alternatively moving older/low‑value data to archival storage so that it does not count toward DDAS usage. We have already begun exploring several approaches—including leveraging summary indexes, routing selected logs directly to S3, and filtering out unwanted data at the ingestion layer. However, we are looking for a more effective strategy that allows us to reduce DDAS usage while still retaining the original log structure and maximum field availability where required. ... View more

Looking for an feasibility or future release plan of Events Deduplication on Splunk Cloud either using EP / IP. ... View more

We are looking for feasible to integrate with Mule Cloudhub with Splunk Cloud directly for logs ingestion. Please suggest ... View more