×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
salohiddin
Explorer
Member since: ‎08-27-2025
‎10-19-2025
Community Statistics
Posts 5
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎08-27-2025
Activity Feed
View All

Does Splunk Enterprise Security (ES) require a sep...

by in Splunk Enterprise Security
‎10-19-2025 02:28 AM
‎10-19-2025 02:28 AM
I want to clarify how licensing works between Splunk Enterprise and Splunk Enterprise Security (ES). If an organization purchases both Splunk Enterprise and Splunk ES, do they receive two separate license files or just one unified license file that covers both products? Additionally, is there any way to verify from the Splunk console or license XML that ES entitlement is included bef? ... View more
Labels

Can Splunk ES Trial Work with the Splunk Enterpris...

by in Splunk Enterprise Security
‎10-10-2025 04:01 AM
‎10-10-2025 04:01 AM
Hello everyone, I have a question about trial licenses. Can the Splunk Enterprise Security (ES) license work together with the free trial version of Splunk Enterprise (500 MB/day, valid for 60 days)? I saw a similar question on the community from around 10 years ago, but there wasn’t a clear answer. Thank you in advance for your help! ... View more
Labels

Mask credit card numbers but keep originals for in...

by in Splunk Enterprise
‎09-04-2025 10:38 PM
‎09-04-2025 10:38 PM
Hi all, I want to mask credit card numbers in Splunk (e.g. show them as XXXX) so users on the console can’t see the full values. But for investigations we still need a way to access the originals. What’s the best practice for handling this in Splunk? Thanks! ... View more
Labels

Custom app not overriding UF inputs.conf (WinEvent...

by in Splunk Enterprise
‎08-29-2025 02:49 AM
‎08-29-2025 02:49 AM
Hi everyone, I’m trying to disable Windows Security Event logs on a Universal Forwarder using Deployment Server apps, but it’s not working. What I did: First I created an app called disable-security-event with local/inputs.conf:   [WinEventLog://Security] disabled = 1 Deployed it via Deployment Server → shows as successfully deployed on UF. Still Security logs keep coming. Then I read about alphabetical precedence, so I created another app ZZZ_disable_security with the same config. That also deployed fine, but btool still shows the disabled = 0 from:   C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf In Splunk Search I can still see Security logs arriving. So in short: Both apps were deployed successfully (I see them in console UI). But they don’t override the settings from SplunkUniversalForwarder\local\inputs.conf. Question: How can I properly override or disable Security Event logs defined in SplunkUniversalForwarder\local\inputs.conf using Deployment Server? Is there a way to make my custom app take precedence, or do I need to remove/modify that file manually? (I am doing it for education to learn Deployment Server, to understand how it works? I will attach a file of screenshots. Thanks! ... View more

How to stop Splunk UF from sending old Windows log...

by in Splunk Enterprise
‎08-27-2025 03:25 AM
‎08-27-2025 03:25 AM
Hi everyone, I installed a Splunk Universal Forwarder on a Windows server and by default it immediately started sending a huge amount of old Security/System logs. This quickly caused a license violation. Later I saw that in inputs.conf there is a parameter start_from = oldest. But during the UF installation (using the GUI) I didn’t see any option to control this. After installation it just started forwarding everything. So my question is when is the right time to configure start_from? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-19-2025 09:23 PM
Karma given to