Sep 16, 2025 · Are you a member of the Splunk Community? Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!

Find answers, ask questions, and connect with our community of consumers and specialists.

Oct 11, 2017 · Hi, I'm new to splunk, my background is mainly in java and sql. I was just wondering, what does the operator "OR" mean in splunk, does it have a different meaning? for example, am i …

Jul 23, 2025 · What’s New? We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is currently in preview for the Splunk Observability portfolio. …

Jan 7, 2025 · Splunk maintains an active commitment to meeting the requirements of the FIPS 140 standard. Splunk Enterprise and Universal Forwarder currently use an embedded cryptographic …

Tech Talk: App Dev Edition Splunk has tons of out-of-the-box functionality, and you’ve likely used Splunkbase apps to extend Splunk even further. What if you’re looking for even more?! This Tech …

Dec 16, 2024 · Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we have many awaited features and enhancements for both analysts and admins, …

Nov 29, 2019 · Hello, I did some reading up on the hot, warm and cold buckets and data retention of indexes but I am not sure I 100% get it. What I am simply trying to do is to set my indexes to keep …

Sep 4, 2018 · I have an index that is populated by and extensive, long running query that creates a line like "Client1 Export1 Missed. Expected Time: 06:15:00". I have another index that is populated with …

Nov 12, 2014 · Why is | tstats count where index=* by sourcetype so much faster than index=* | stats count by sourcetype ?