This month, we’re delivering several new innovations in Splunk Observability Cloud and Splunk AppDynamics (25.4 release) to help improve ITOps and engineering teams’ ability to detect and resolve business-impacting incidents faster with less toil. Access centralized tools, licenses, support, and community recognition to build high-quality apps and extend Splunk’s capabilities. The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards these events to Splunk. This integration enables real-time monitoring, analysis, and valuable insights from collected event data.

Data Sharing

They assist other members, participate in events, demonstrate the power of Splunk’s products, and help guide future roadmaps. Splunk has training and education options for everyone, whether it’s your first or fiftieth deployment.

Splunk Documentation

We’ve seen major advancements, exciting new features, and a wealth of knowledge shared. As we continue our “Strengthen Your Future” series, it’s the perfect time to reflect on some of the most impactful announcements and resources that are shaping the Splunk Platform. This exporter defines the configuration settings of a Splunk HEC endpoint. More documentation and examples are available as part of the OpenTelemetry Collector Contrib github repository.

What’s New in Splunk Observability Cloud and Splunk AppDynamics – May 2025

We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is currently in preview for the Splunk Observability portfolio. These new innovations to Splunk Observability Cloud are designed to help ITOps and engineering teams better standardize observability practices across teams, improve end-user experiences, optimize cloud monitoring and debug problems faster in microservice-based applications. The features in this article are now generally available to customers as of June 24, 2025. Small note to add, since v9.x the password complexity is enforced in the user-seed.conf file as well. So be sure the new password is at least 8ch long or whatever your complexity requirements are.

• These new innovations to Splunk Observability Cloud are designed to help ITOps and engineering teams better standardize observability practices across teams and optimize their observability costs.
• If the new etc/passwd file is not created, then check splunkd.log file for the failure reason.
• Our old splunk admin left the company and I’ve been asked to help with Splunk while we are replacing her.
• Splunk AI Assistant for SPL via a cloud-connected solution revolutionizes GenAI by securely hosting AI services in the Splunk-managed Cloud Platform while transmitting only the minimal data needed.
• They assist other members, participate in events, demonstrate the power of Splunk’s products, and help guide future roadmaps.

Splunk Observability Cloud introduces multi-org management self-service experience with APIs for child org creation enabling role-based data segregation. Ensure your trading indices strategies Splunk apps are ready for the future! Splunk Enterprise 10 is here, don’t let your users be left behind – upgrade your app today to work towards a seamless transition. The past few weeks have brought significant and exciting developments for the Splunk community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

After exploring this example, you can press Ctrl+C to exit from Docker Compose. With this example, you have deployed a simple pipeline to ingest the contents of a file into Splunk Enterprise. Using a terminal window, navigate to the folder examples/otel-logs-splunk. This blog post is part of an ongoing series on OpenTelemetry. I just realized that I lost the Admin password and I need a way to access the system, with my Admin credentials. The Splunk platform will transition to OpenSSL version 3 in a future release.

• Splunk Observability Cloud introduces multi-org management self-service experience with APIs for child org creation enabling role-based data segregation.
• Thanks for the updated answer @preactivity 🙂 as most of the older answers are no longer valid on the newer Splunk releases.
• My unix admin tells me they installed the forwarders correctly – which is fine since I can see the syslogs from the server but they want extra application logs to mimic the setup of another server (I didn’t set that up).
• You will be asked to enter a new password for your admin account.If you previously created other users and know their login details, copy and paste their credentials from the passw.bk file into the passwd file and restart Splunk.

OpenTelemetry defines a model to represent traces, metrics, and logs. Using this model, it orchestrates libraries in different programming languages to allow folks to collect this data. Just as important, the project delivers an executable named the OpenTelemetry Collector, which receives, processes, and exports data as a pipeline. Curious about OpenTelemetry but more interested in logs than APM tracing or metrics? This blog post will walk you through your first OpenTelemetry Logging pipeline…

We can reset both username(admin) and password to whatever we want. Get a sneak peek into Splunk Observability Cloud’s improved user interface for an easier and more intuitive experience. This preview is best for existing Splunk Observability Cloud customers. We added an Overview tab to Observability Cloud’s Data Management Platform, which provides customers better guidance through UI-based workflows to more easily onboard data into the platform and provides reflections on what they have achieved to track progress. This provides visual references and structured assistance, which is particularly helpful for those who are new to Observability Cloud.

The serverclass.conf was the first thing I did before we ran into the issue. I whitelisted the server in the appropriate section for the app. Ever wonder how to tap into cutting-edge AI without managing your own GPU? Splunk AI Assistant for SPL via a cloud-connected solution revolutionizes GenAI by securely hosting AI services in the Splunk-managed Cloud Platform while transmitting only the minimal data needed.

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

There are more interesting configuration possibilities if you follow along this Github repository for Splunk Docker, and be sure to check out Splunk Operator for larger, production-grade deployments. I worked with our unix admin and found the inputs.conf file under the app directory. Sure enough it was full of log source paths (for a different server). The unix admins copied that file from one server to another and expected it to work. Inputs can have configurations in the location you specified on the forwarder as well as on the indexer itself for parsing, sourcetyping, transformations and other index-time functions. Also some distributed deployments make use of the forwarder-management/deployment server functionality where a central server pushes out configs in the form of apps.

At Splunk, we manage the distribution of our version of the OpenTelemetry collector under this open-source repository. The repository contains our configuration and hardening parameters as well as examples. I am asking the developers to check the paths and make corrections. After a new inputs.conf is created/modified, I will have the admin replace the file and then restart splunkd. Event iQ helps with automated event correlation to accelerate time-to-value and MTTI through discovery of important fields in alerts and real-time, dynamic grouping based on patterns detected in the alert data. This capability is for customers interested in or using Event Analytics in ITSI today.

The below features, with the exception of the Q-Release (scheduled to go live as part of the Splunk Cloud Platform launch on July 28, 2025), are now generally available to customers as of July 22, 2025. We’re excited to announce the latest enhancements to Splunk Observability Cloud and share what’s currently in preview across the Splunk Observability portfolio. These innovations are designed to help you resolve database performance issues faster, seamlessly correlate and search relevant logs in APM and Infrastructure Monitoring, and monitor your cloud services more easily. The following features became generally available on October 21, 2025. We also run the container to set up a default HEC token, open ports, accept the Splunk license, and set a default admin password. Obviously, this is only useful here for our demonstration.