Product Tips
Your Splunk deployment is up and running, but you want to work faster and better. Clear and actionable product tips from Splunk experts across all our product lines will get you there. If you still can't find what you need, scroll further down the page to explore all the resources that Splunk has to offer.
- Administration
- Automating Splunk platform administration with a Continuous Configuration Automation framework
- Choosing between Splunk Enterprise deployment methodologies
- Configuring Splunk for Common Access Card (CAC) authentication
- Creating allows lists with the Splunk Cloud Platform Admin Configuration Service (ACS) API
- Implementing best practices for workload management
- Introduction to the Splunk Distributed Deployment Server (SDDS)
- Managing configurations in Splunk Cloud Platform
- Reducing Splunk Enterprise management effort with Splunk Assist
- Scaling your Splunk Enterprise deployment
- Securing the Splunk Cloud Platform
- Securing the Splunk platform with TLS
- Setting up deployment server apps for the enterprise environment
- Sizing your Splunk architecture
- Troubleshooting compatibility issues between components or apps in Splunk Enterprise
- Troubleshooting data not coming in from a Universal Forwarder
- Troubleshooting high resource usage in Splunk Enterprise
- Understanding workload pricing in Splunk Cloud Platform
- Using Admin Config Service (ACS) in Splunk Cloud Platform FedRAMP environments
- Using the deployer
- Data Management
- Adding a heavy forwarder to Splunk Cloud Platform
- Alerting on missing source types
- Alerting on source type volume with machine learning
- Checking the quality of your data sources
- Complying with the Splunk Common Information model
- Configuring new source types
- Enriching data via real-time threat detection with KV Store lookups in Edge Processor
- Getting to know your data
- Improving data onboarding with props.conf configurations
- Improving data pipeline processing in Splunk Enterprise
- Merging common values from separate fields
- Normalizing values to a common field name with the Common Information Model (CIM)
- Organizing machine learning data flows
- Preparing data for use with the Machine Learning Toolkit (MLTK)
- Receiving and storing queued time series data
- Reducing event delay in Splunk Enterprise
- Reducing low-value data ingestion to improve license usage
- Sampling data with ingest actions for data reduction
- Sending Splunk Observability events as Alert Actions
- Setting data retention rules in Splunk Cloud Platform
- Solving data quality issues
- Using ingest actions in Splunk Enterprise
- Using ingest actions to filter AWS CloudTrail logs
- Using ingest actions to filter AWS VPC Flow Logs
- Using ingest actions to filter Windows event logs
- Using ingest actions with source types that are renamed with props and transforms
- Using OpenTelemetry to get data into Splunk Cloud Platform
- Using Splunk DataSense Navigator
- Using Table Views to prepare data without SPL
- Writing better searches with the Common Information Model
- Searching and Reporting
- Accessing search history
- Adding trigger conditions to alerts
- Combining multiple data sources in SPL
- Configuring the trellis layout in Dashboard Studio
- Converting a Classic dashboard to Dashboard Studio
- Creating efficient searches and dashboards for cost reduction
- Following best practices for working with dashboards
- Hiding rows or panels in dashboards with XML
- Optimizing search
- Optimizing Splunk knowledge bundles
- Prioritizing scheduled searches
- Reducing skipped searches
- Reducing Smartstore cache churn with smart Workload Management rules
- Reducing Windows security event log volume with Splunk Edge Processor
- Replacing null values by using the fillnull and filldown commands
- Returning terms or indexed fields from event indexes with the Walklex command
- Safeguarding Workload Management operation during the transition to cgroups v2
- Showing and hiding Dashboard Studio elements based on data availability
- Telling stories with your data using data visualizations
- Troubleshooting and investigating searches
- Updating deprecated HTML dashboards
- Using advanced macros
- Using Dashboard Studio inputs in the canvas
- Using summary indexing to accelerate searches
- Using the events viewer visualization in Dashboard Studio
- Using the highlight command
- Using the Link to Search and Link to Reports interactions in Dashboard Studio
- Using the makeresults command
- Using the top and rare commands
- Working with multivalue fields
- Writing better queries in Splunk Search Processing Language
- Extending the Platform
- Configuring Splunk DB Connect
- Converting complex data into metrics with Edge Processor
- Converting logs into metrics
- Converting logs into metrics with Edge Processor for beginners
- Creating better custom applications with the Splunk UI Toolkit
- Customizing the Splunk OpenTelemetry distribution to accommodate unsupported use cases
- SimpleXML Examples app end of life FAQ
- Splunk Custom Visualizations apps end of life FAQ
Where Else to Find Help
| Resource | Description |
|---|---|
| The free Search Tutorial guides you through adding data, searching, and creating simple dashboards. | |
| Deliver apps and integrations that bring new kinds of data into the Splunk platform and deliver data-based insights. | |
| Get a free 14-day trial of Splunk Cloud Platform and search, analyze, and visualize 5 GB/day of your own data in a Splunk hosted cloud environment for fast insights. | |
|
Lunch 'n Learn |
Join these free workshops to connect & interact with experts, colleagues, and peers while learning how to use Splunk with Splunk4Rookies, Splunk4Ninjas, and more. Ask your account team how. |
| Join these virtual, interactive, hands-on, and free workshops to connect & interact with experts, colleagues, and peers while learning about topics relevant to public sector organizations. | |
| Migrating from on-premises to Splunk Cloud Platform | Follow our step-by-step guide of resources, tools, services, and best practices to ensure your move to the cloud is successful. |