# ![@softmaniatech Avatar](https://lunarcrush.com/gi/w:26/cr:youtube::UCknGfjgEIGCzb8CE6e3X_3A.png) @softmaniatech Soft Mania

Soft Mania posts on YouTube about splunk, how to, topics, real world the most. They currently have [-----] followers and [---] posts still getting attention that total [---] engagements in the last [--] hours.

### Engagements: [---] [#](/creator/youtube::UCknGfjgEIGCzb8CE6e3X_3A/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:youtube::UCknGfjgEIGCzb8CE6e3X_3A/c:line/m:interactions.svg)

- [--] Week [---] +210%
- [--] Month [-----] +40%
- [--] Months [------] -6.90%
- [--] Year [------] +438%

### Mentions: [--] [#](/creator/youtube::UCknGfjgEIGCzb8CE6e3X_3A/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:youtube::UCknGfjgEIGCzb8CE6e3X_3A/c:line/m:posts_active.svg)

- [--] Week [--] +42%
- [--] Month [--] +35%
- [--] Months [--] -17%
- [--] Year [---] +97%

### Followers: [-----] [#](/creator/youtube::UCknGfjgEIGCzb8CE6e3X_3A/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:youtube::UCknGfjgEIGCzb8CE6e3X_3A/c:line/m:followers.svg)

- [--] Week [-----] +1.70%
- [--] Month [-----] +5.30%
- [--] Months [-----] +34%
- [--] Year [-----] +81%

### CreatorRank: [---------] [#](/creator/youtube::UCknGfjgEIGCzb8CE6e3X_3A/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:youtube::UCknGfjgEIGCzb8CE6e3X_3A/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  93.33% [stocks](/list/stocks)  1.9%

**Social topic influence**
[splunk](/topic/splunk) 93.33%, [how to](/topic/how-to) 22.86%, [topics](/topic/topics) 8.57%, [real world](/topic/real-world) 7.62%, [environment](/topic/environment) 5.71%, [lab](/topic/lab) 3.81%, [data](/topic/data) 3.81%, [events](/topic/events) 3.81%, [command](/topic/command) 3.81%, [to the](/topic/to-the) 2.86%

**Top accounts mentioned or mentioned by**
[@softmaniain](/creator/undefined)

**Top assets mentioned**
[Splunk Inc (SPLK)](/topic/splunk-inc)
### Top Social Posts
Top posts by engagements in the last [--] hours

"Splunk Development - You don't need to learn hacking to get into cyber security . Link: https://path.grad2it.in/ Many beginners think they must learn hacking to enter Cybersecurity. But thats not true. Hacking and Cybersecurity are not the same. In fact Cybersecurity is about defending not attacking. Think about it this way: You dont need to become a thief to become a police officer. But a police officer must understand how thieves think their techniques and their tactics so they can prevent crimes. Its the same in Cybersecurity. You dont need to become a hacker. You just need to understand:"  
[YouTube Link](https://youtube.com/watch?v=HO4YCJpWdoU)  2026-02-12T12:30Z [----] followers, [---] engagements


"Splunk admin Roadmap - Day - [--] - Monitor the Splunk Lab In this video we set up and explore the Splunk Monitoring Console (DMC). Youll learn how to: -Use a single management server to monitor Splunk components -Create service admin credentials -Connect Search Head and Indexer to the Monitoring Console -Enable Distributed Monitoring Console mode -Assign correct server roles -Verify component connectivity We also cover: -Default DMC alerts (license usage disk memory missing forwarders search issues) -Which alerts are important to enable -How to create custom alerts -Running and interpreting"  
[YouTube Link](https://youtube.com/watch?v=3rPBgQFpMow)  2026-02-07T05:30Z [----] followers, [--] engagements


"Splunk admin Roadmap - Day - [--] - Add License to Splunk Lab In this video we cover Splunk Licensing fundamentals and practical configuration steps. Youll learn: -Why licensing is required in Splunk -Limitations of the trial license (500 MB/day time-bound) -Types of free licenses: -Trial license -Free license Developer license (10 GB/day) -When and how to use a developer license (non-production only) -What happens when license limits are exceeded -License warnings vs violations and rolling windows -Why many organizations purchase [---] GB+ licenses -Which Splunk components require a license"  
[YouTube Link](https://youtube.com/watch?v=EvYBSWLvTJ8)  2026-02-09T05:30Z [----] followers, [--] engagements


"Splunk admin Roadmap - Day - [--] - Connecting Splunk Components to License Server. In this video we explain how to connect all Splunk components to a License Server using different real-world methods. We use the Management Console as the License Server and demonstrate how to connect: -Search Head using the Splunk Web UI -Indexer using backend CLI commands -Heavy Forwarders using configuration files (server.conf) -These methods reflect how licensing is handled in production environments where UI access is often limited or disabled. Youll also learn: -How to verify component connectivity from the"  
[YouTube Link](https://youtube.com/watch?v=VfU7CNeVq6I)  2026-02-11T05:30Z [----] followers, [--] engagements


"Replication Factor & Search Factor in Splunk Deep Dive for Admins Soft Mania 🔴 Webinar Replay: Replication Factor & Search Factor in Splunk Deep Dive for Admins In this session we explored one of the most foundational (yet often misunderstood) topics in Splunk Admin and Architecture: ➡ Replication Factor (RF) and ➡ Search Factor (SF) with practical explanations real-world analogies and a live demo. Youll learn: ✅ What RF & SF really mean and where they apply (Indexer vs. Search Head Clusters) ✅ How data gets replicated across indexers (raw buckets vs. TSIDX files) ✅ The real difference"  
[YouTube Link](https://youtube.com/watch?v=aiDXQV1_Q1A)  2025-06-27T13:45Z [----] followers, [---] engagements


"Splunk Development - Queries & Real-world Security Use cases - Live Sessions [--] Topic Discussed: -When was the first Cyber Attack happened - How many attacks have been identified so far in the history - What is SIEM - What is SIM - What is SEM - Why do we need to write queries in Splunk - Are there any existing solutions available Session Summary: - Instead of teaching hundreds of queries directly the course emphasizes concepts assignments and hands-on practice. - Participants were informed that query writing is the final outcome not the starting point. - A strong emphasis was placed on"  
[YouTube Link](https://youtube.com/watch?v=cW2Np57h1yQ)  2026-02-06T12:55Z [----] followers, [---] engagements


"Splunk admin Roadmap - Day - [--] - Sample data setup on Splunk Lab - basic [--]. In this video we set up sample data in a Splunk lab environment for hands-on practice. Youll learn how to: -Create multiple indexes for a use case (one_idx two_idx three_idx) -Assign indexes to the Search & Reporting app -Connect to a Universal Forwarder -Download and configure a sample log generation script -Schedule the script using a cron job to generate data continuously -Configure inputs.conf to monitor generated log files -Restart the Universal Forwarder correctly -Verify data ingestion in Splunk using search"  
[YouTube Link](https://youtube.com/watch?v=vpMa3Af5GiA)  2026-02-13T05:30Z [----] followers, [--] engagements


"Splunk Development - Queries & Security Use Cases Program registration link: https://splunk.softmania.in/course/splunk-development-queries-use-cases"  
[YouTube Link](https://youtube.com/watch?v=xPRsMVMGY5c)  2026-02-06T13:02Z [----] followers, [---] engagements


"What happens If [--] of the Indexers down in 3-member cluster Scenario-based Splunk Admin Usecase [--] What happens If two of the Indexers are down in 3-member cluster The quick answer is: Some of the searches will give incomplete results. once all the bucket copies in the last indexer are made searchable then searches can give complete results Some of the searches will give incomplete results as [--] of the Indexers with primary copies of some buckets are down. The Cluster master will instruct the last remaining peer to make the copies of all available buckets as searchable and primary copies (This"  
[YouTube Link](https://youtube.com/watch?v=dbFBPDUF8So)  2024-02-11T01:30Z [---] followers, [---] engagements


"Why do we need License in Splunk.mp4 Why do we need License in Splunk - To index the large amount of data - To access the Splunk enterprise features #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=do3AihzO0Xk)  2024-12-13T04:00Z [---] followers, [---] engagements


"3. How to change default server name of Splunk.mp4 How to Change Default Server Name of Splunk Method 1: Change Server Name Using UI - Log in to the Splunk Web UI - Go to Settings Server settings General settings. - Locate the "Server Name" field. - Enter the new server name (e.g Indexer) - Scroll down and click Save - Restart Splunk to apply the changes: - Go to Settings Server controls - Click Restart Splunk Method 2: Change Server Name using CLI - Log in to the Splunk server (as splunk user or root user) - Navigate to the Splunk bin directory - Check the current server name - Change the"  
[YouTube Link](https://youtube.com/watch?v=hKTOeMfdzwE)  2024-12-18T04:00Z [---] followers, [--] engagements


"7. Splunk Enterprise service limits Part-1.mp4 Do you know Splunk Enterprise service limits Part-1 - Number of buckets in the indexer cluster 40m Max 25m Recommended Note: "m" means million - Number of Concurrent Users [----] Max [---] Recommended - Number of Search Heads in Cluster [--] Max [--] Recommended #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=i9ZFgBDF3kQ)  2024-12-22T04:00Z [---] followers, [--] engagements


"What is Indexed_Extraction in Splunk.mp4 What is INDEXED_EXTRACTIONS in Splunk An important configuration parameter that determines how structured data is extracted and parsed during the indexing process. Can be defined in props.conf CSV - Comma separated value format TSV - Tab-separated value format PSV - pipe ("")-separated value format W3C - World Wide Web Consortium (W3C) Extended Log File Format JSON - JavaScript Object Notation format HEC - Interpret file as a stream of JSON events in the same format as the HTTP Event Collector (HEC) input. Configuring in Indexer is not best practice-"  
[YouTube Link](https://youtube.com/watch?v=k033YSSoe3k)  2024-12-24T04:00Z [---] followers, [--] engagements


"Which of the following constraints can be used with the top command Which of the following constraints can be used with the top command A) limit B) useperc C) addtotals D) fieldcount The correct answer is: A) limit #softmania #splunk #shorts"  
[YouTube Link](https://youtube.com/watch?v=kTQCzHq10_Q)  2025-02-26T04:00Z [---] followers, [--] engagements


"How to check for blocked queue in Splunk Data Pipeline.mp4 How to Check for Blocked Queue in Splunk Data Pipeline Identify the Blocked Queue - Using Monitoring Console - Using metrics.log In CLI In GUI Using Monitoring Console Dashboard [--] - Navigate to Settings -- Monitoring Console - Go to Indexing -- Indexing Performance: Instance Dashboard [--] - Navigate to Settings -- Monitoring Console - Go to Indexing -- Indexing Performance: Advanced Using metrics.log Using GUI - In Search Head or Monitoring Console run the below search query to check for blocked queues. #splunk #splunklife #splunkblogs"  
[YouTube Link](https://youtube.com/watch?v=lfi17KX67Zg)  2025-02-05T04:00Z [---] followers, [---] engagements


"How to add a custom time range in Splunk Dashboard.mp4 How to add a custom time range in Splunk Step 1: Create a new Preset time range - From the "Settings" menu Select "User interface". - Select "Time ranges". - Click "New Time Range". - For example you want to create a time range that shows searches "Yesterday from the hours of 12:00 to 15:00 UTC". - You can modify the permissions for custom time ranges. Step 2: Final output - Go to your Dashboard. Click "Edit". - Go to your custom time range tab. #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions"  
[YouTube Link](https://youtube.com/watch?v=miID0ejvkPI)  2025-02-10T04:00Z [---] followers, [---] engagements


"How to install Splunk on AWS EC2 properly Splunk Admin Bootcamp Session [--] Soft Mania Title: How to Install Splunk on AWS EC2 Properly Splunk Admin Bootcamp Session [--] Soft Mania 📘 Description: In this session well walk through the complete Splunk installation process on AWS EC2 covering every step from pre-requisites to post-installation configurations to ensure your setup is production-ready and performance-optimized. This is Session [--] of the Splunk Admin Bootcamp by Soft Mania designed to help you gain real-time implementation skills that every Splunk Admin must have. What youll learn in"  
[YouTube Link](https://youtube.com/watch?v=nVCuvHNxxLo)  2025-10-15T12:24Z [----] followers, [---] engagements


"Splunk Architect - Live Project Implementation Challenge - [----] Splunk Architect Live Project Implementation Challenge (Intro Session) This video is the introductory live session of the Splunk Architect Live Project Implementation Challenge where we explain what this challenge is how it works and who it is meant for. - This is not a traditional course or training. - It is a project-driven challenge designed for people who want real-world Splunk implementation experience. What this session covers - Why this challenge exists (and why its not a course) - How [--] real-world Splunk projects were"  
[YouTube Link](https://youtube.com/watch?v=oQpfEWhJHz4)  2026-01-05T03:47Z [----] followers, [---] engagements


"Splunk Architect Challenge [----] #splunk #splunkadmin #education #splunkenterprise #architecture Splunk Architect Challenge starts from - 10-Jan-2025 Register here - https://path.softmania.in/events Occurs every Saturday - 9:30 PM to 11:30 PM IST During these sessions each project will be implemented in Live environments from the scratch. (1 Project / week) In this session. someone from our team or someone from the community expertise contributors will share the screen & do those end-to-end projects live. During this live activity our team will give some challenges to the person who is doing"  
[YouTube Link](https://youtube.com/watch?v=pd8YUFXPA1E)  2026-01-09T04:00Z [----] followers, [---] engagements


"How to Configure Load balancing in Splunk Universal Forwarder.mp4 How to Configure Load Balancing in Splunk Universal Forwarder Steps to Configure Load Balancing: Step-1: Locate the Outputs Configuration File - Navigate to the Universal Forwarder installation directory. - Locate the outputs.conf file Step-2: Edit the outputs.conf File - Open outputs.conf in a text editor. - Define multiple indexers and specify load balancing settings server: List of indexer IPs/hostnames with their receiving ports. autoLBFrequency: Time (seconds) after which the forwarder switches to another indexer. The"  
[YouTube Link](https://youtube.com/watch?v=quj9i3uYIVI)  2024-11-25T06:30Z [---] followers, [---] engagements


"How to Create a Splunk Clustered Environment in AWS Step by Step Guide for Admins & Architects 📌 Live Session Date: 24-June-2025 🎯 Topic: How to Create a Splunk Clustered Environment in AWS Step-by-Step Guide for Admins & Architects 👨🏫 Hosted by: Soft Mania In this power-packed session we covered how to build a complete Splunk Single-Site Clustered Environment on AWS EC2 from scratch covering all key admin and architect tasks in just [--] minutes. ✅ What we configured: - [--] x Indexers (Indexer Cluster) - [--] x Search Heads (Search Head Cluster) - [--] x Cluster Manager - [--] x Deployer - [--] x"  
[YouTube Link](https://youtube.com/watch?v=s584n27FPAA)  2025-06-24T16:04Z [----] followers, [----] engagements


"Scenario based Splunk Admin Interview Questions - Session [--] Search Head clusters Scenario based Splunk Admin Interview Questions - Session [--] Topics covered in this session: - What happens If one of the Search Heads down in 3-member cluster - What happens If two of the Search Heads down in 3-member cluster - What happens If all of the Search Heads down in 3-member cluster - What happens If Deployer is down"  
[YouTube Link](https://youtube.com/watch?v=suo8a-FARE0)  2025-08-21T15:43Z [----] followers, [---] engagements


"Splunk Admin Roadmap - Day [--] - Lab Servers setup Splunk Enterprise Lab Server Setup - Minimum Hardware Requirements AWS Lab Demo - In this video we discuss the minimum hardware requirements needed to set up Splunk Enterprise in a lab environment and how to reduce infrastructure costs compared to a real-time production setup. - In real-world enterprise environments Splunk requires high-performance infrastructure. However for learning training and lab purposes we can safely use lower-cost minimal configurations where minor performance impact is acceptable. Splunk Lab vs Production Environment -"  
[YouTube Link](https://youtube.com/watch?v=tfCs-EkdGxE)  2026-01-26T05:30Z [----] followers, [--] engagements


"How to deploy Splunk apps from GitHub using Jenkins.mp4 How to deploy Splunk apps from GitHub using Jenkins Steps to deploy Splunk App using Jenkins: [--]. Create a Git repository to store your Splunk App. [--]. Configure SSH Key Authentication between Jenkins and Splunk Instance. This will help Jenkins to run commands on Splunk Instance to deploy the app. [--]. Install Publish over SSH Plug-in in Jenkins server and Configure the plugin to connect to Splunk Instance where the App has to be installed. [--]. Go to GitHub repository click Settings -- Webhooks and Click on Add Webhook. [--]. Provide"  
[YouTube Link](https://youtube.com/watch?v=vxDa0WnIy0o)  2024-12-25T04:00Z [---] followers, [---] engagements


"Splunk Deployment Server Masterclass.mp4 Splunk Deployment Server Masterclass (Coming Soon) - The Splunk Deployment Server Masterclass is designed to provide in-depth knowledge and hands-on experience in managing Splunk Deployment Servers. - This course covers key concepts such as - Server configuration - Deployment of apps and configurations and -Managing forwarders in distributed environment. - You will learn how to handle the deployment server architecture efficiently automate configurations and troubleshoot common issues to ensure optimal performance. - With real-world scenarios this"  
[YouTube Link](https://youtube.com/watch?v=w_ivSQ_WvmM)  2025-02-14T04:00Z [---] followers, [---] engagements


"Splunk Architect Training End-to-End Project Implementation What Youll Learn & How It Works Welcome to the official walkthrough of Splunk Architect End-to-End Project Implementation by SoftMania 🛠 In this video well take you through the entire course content and structure - so you know exactly what to expect when you enroll. What Youll Learn (Teaser) - How to gather requirements and document correctly - Capacity & infrastructure planning for CPU memory storage - Designing Splunk architecture (standalone distributed clustered multisite) - Data onboarding from Windows Linux databases cloud"  
[YouTube Link](https://youtube.com/watch?v=y7RxkmeFXAU)  2025-10-10T12:30Z [----] followers, [---] engagements


"Splunk Enterprise Learning resources - Part-2.mp4 Splunk Enterprise Learning resources - Part-2 The 2nd one is Splunk free Course [--]. What is Splunk (eLearning) [--]. Intro to Splunk (eLearning) [--]. Introduction to Splunk Infrastructure Monitoring (eLearning) [--]. Splunk Enterprise Installation and Configuration (eLearning) [--]. Upgrading Splunk Enterprise (eLearning) [--]. Distributed Search (eLearning) [--]. Using the Monitoring Console (eLearning) [--]. Getting Data Into Splunk (eLearning) [--]. Using Fields (eLearning) [--]. Intro to Dashboards (eLearning) [--]. Scheduling Reports & Alerts (eLearning) 12."  
[YouTube Link](https://youtube.com/watch?v=yZtPKruNAqQ)  2024-12-14T04:00Z [---] followers, [--] engagements


"How to customize table cell in Splunk Dashboard.mp4 How to customize table cell in Splunk Dashboard Open Your Dashboard: - Assume you are using the Rangemap query on your dashboard. rangemap field=count low=0-100 elevated=101-1000 default=severe - On your dashboard click the Edit button. Edit Panels: - Switch to the Source tab. - Under the panel add html tag with CSS styles. - Then add a table id - Add the js script in the dashboard tag. Then save. Backend changes: - Follow this URL or scan the QR code for the backend JS script file steps. https://tinyurl.softmania.in/FVsL8 - Once you have"  
[YouTube Link](https://youtube.com/watch?v=z5E0ENWrOhE)  2025-01-17T04:00Z [---] followers, [---] engagements


"Splunk Admin Roadmap - Day [--] - Minimum Hardware Requirements Splunk Admin Roadmap Day [--] - Minimum Hardware Requirements & Lab Server Setup - In Day [--] of the Splunk Admin Roadmap we cover the minimum hardware requirements needed to run Splunk Enterprise and Splunk Universal Forwarder along with the servers required for a basic Splunk lab setup. Topics Covered in This Video - Minimum Hardware Requirements - Common Requirements (All Deployments) - System Requirements - Standalone Splunk Enterprise Minimum Requirements - Dedicated Search Head Recommended Requirements - Indexer Hardware"  
[YouTube Link](https://youtube.com/watch?v=42F6SpFcqcY)  2026-01-26T05:30Z [----] followers, [--] engagements


"Splunk Enterprise Troubleshooting Session - Short-1.mp4 Why Did Splunk Stop Ingesting Data Here's the Real Reason (And Fix) Ever faced that frustrating moment when Splunk just stops receiving data and nothing seems wrong You've restarted the Universal Forwarder. even rebooted the Indexer. but still no luck. - The issue isnt always where you expect it to be. In our live demo Well walk you through how to trace the root cause step-by-step the way real-world Splunk admins do it. - Perfect for anyone who wants to troubleshoot smarter not harder. Register here - https://tinyurl.softmania.in/MHlAY"  
[YouTube Link](https://youtube.com/watch?v=Dfgf9gUEZfE)  2025-05-27T07:30Z [----] followers, [----] engagements


"Scenario based Splunk Admin Interview Questions - Session [--] Enable SAML Authentication using Okta Scenario based Splunk Admin Interview Questions - Session [--] Topics covered in this session: - How to Enable SAML Authentication in Splunk using Okta"  
[YouTube Link](https://youtube.com/watch?v=F_4sP6539hA)  2025-09-01T05:13Z [----] followers, [---] engagements


"Splunk admin Roadmap - Day - [--] - Part - II - Important Concepts In this video we continue from the previous session where we successfully configured data flow and indexed logs into day6_idx. Now we take a deep dive into where and how Splunk stores indexed data at the backend. In this session you will learn: -How to verify indexed data using index=day6_idx -Understanding sources and hosts contributing data to an index -Where indexed data is physically stored on the Indexer backend -Introduction to the Splunk DB directory -Exploring index folder structure under $SPLUNK_HOME/var/lib/splunk"  
[YouTube Link](https://youtube.com/watch?v=G43MrAiDvQc)  2026-02-05T05:30Z [----] followers, [--] engagements


"Free webinar on Regular Expression for Splunk Enterprise Soft Mania 🎯 Welcome to our Pre-Masterclass on Regular Expressions in Splunk In this session were focusing exclusively on forming regular expressions (regex) that are used in Splunk Enterprise not just using the rex command but truly understanding how to build your own regex patterns to handle unstructured log data effectively. 🔍 Whether you're a Splunk Admin Developer or a beginner this video is designed to teach you: What regular expressions are - How Splunk uses them for field extractions - The difference between anchored and"  
[YouTube Link](https://youtube.com/watch?v=IcGQ_ClJZe4)  2025-05-13T07:58Z [---] followers, [---] engagements


"How to Upgrade the standalone splunk enterprise.mp4 How to Upgrade the Standalone Splunk enterprise Detailed Explanations : Step-1: Stop the Splunk Step-2: Take a backup of the files Take the backup of below directories (In Splunk Enterprise installation) /opt/splunk/etc/ (&) /opt/splunk/var/lib/ Navigate to /opt/splunk directory Compress the etc folder into a zip file Copy the etc.zip file into /tmp folder Navigate to /opt/splunk/var/lib directory Compress the splunk folder into a zip file Copy the splunk.zip file into /tmp folder *Store the backup in a safest place* Step-3: Download latest"  
[YouTube Link](https://youtube.com/watch?v=MR8NRMUQ8WI)  2025-09-04T03:55Z [----] followers, [---] engagements


"Splunk DB Connect Masterclass 101.mp4 Splunk DB Connect Masterclass [---] - This Splunk DB Connect Masterclass [---] provides a detailed explanation of Splunk DB Connect installation and configurations along with practical use cases similar to real-time projects. - The course covers all aspects of DB Connect from setup to advanced use cases ensuring you can connect Splunk with various relational databases Server and more. - At the end of this Masterclass you will be able to handle Splunk DB Connect for any kind of integration requirement making you proficient in managing data from external"  
[YouTube Link](https://youtube.com/watch?v=QCId8U2vyrk)  2025-02-12T04:00Z [---] followers, [---] engagements


"Splunk admin Roadmap - Day - [--] -Part - I - How to Configure the data flow In this video we continue from the previous session where we connected the Universal Forwarder to the Indexer and verified internal data indexing. Now we dive deeper into custom data onboarding in Splunk. Youll learn how to: -Understand internal vs custom data indexing -Create a new index using Splunk Web UI -Create an index from the Indexer backend (CLI method) -Modify and use indexes.conf for index creation -Restart and validate index creation safely -Configure inputs.conf on the Universal Forwarder to monitor custom"  
[YouTube Link](https://youtube.com/watch?v=YS3KAFUiELY)  2026-02-03T05:30Z [----] followers, [--] engagements


"Splunk admin Roadmap- Day- [--] - How to setup a Forwarder - In this video we first validate the connection between the Search Head and Indexer using a basic search. We then troubleshoot a common issue where the Search Head is unable to communicate with the Indexer due to authentication or peer connection problems. In this part we cover: - Checking Search Head and Indexer connectivity - Understanding errors like unable to distribute search to peer - Fixing rejected credentials and peer connection issues - Resolving the problem by removing and re-adding search peers - Confirming successful data"  
[YouTube Link](https://youtube.com/watch?v=ZmMztWBoRuA)  2026-02-01T05:30Z [----] followers, [--] engagements


"Splunk Practice Tests in Udemy.mp4 Do you know Splunk Enterprise Exam - Practice Tests in Udemy Disclaimer: These tests are just a reference for you to prepare the concepts only. These are not provided Splunk Inc. or Soft Mania.Taking these courses is at your own risk. #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=a3uFtHLBU-Q)  2024-12-28T04:00Z [----] followers, [--] engagements


"Scenario based Splunk Admin Interview Questions - Session [--] Indexer clusters Scenario based Splunk Admin Interview Questions - Session [--] Topics covered in this session: - What happens If Cluster Manager is down - What happens If one of the Indexers down in 3-member cluster - What happens If two of the Indexers down in 3-member cluster - What happens If all of the Indexers down in 3-member cluster"  
[YouTube Link](https://youtube.com/watch?v=abhmkn-H6_M)  2025-08-21T15:03Z [----] followers, [---] engagements


"4. How to run Splunk in a docker container.mp4 How to run Splunk in a Docker container Installation Steps [--]. Create a Linux RedHat server in AWS/GCP/Azure. [--]. Open the inbound traffic for ports 8000-9999. This will allow us to access Splunk via Web. [--]. Execute the command to Install Docker using rpm package in your Linux server [--]. Execute the command to Install Docker Engine [--]. Start the Docker Engine. This configures the Docker systemd service to start automatically when you boot your system [--]. Verify that the installation is successful by running the hello-world image [--]. Go to Docker Hub"  
[YouTube Link](https://youtube.com/watch?v=ciuOSa_SnEk)  2024-12-19T04:00Z [---] followers, [---] engagements


"How Splunk Stores Indexes.mp4 How Splunk Stores Indexes Lets Say. You are sending [---] Mb of data into Splunk - Do You know how much storage it will occupy --------------------------- Splunk stores your data in the form of buckets Inside the index. --------------------------- Do you know what is inside the Buckets A bucket is a directory where Splunk stores indexed data and it contains: - Rawdata (15%) The actual raw log data (compressed). - TSIDX files (35%) Time-series index files that speed up search. - Journal.gz Compressed version of raw events. - Metadata Info about source sourcetype and"  
[YouTube Link](https://youtube.com/watch?v=gzMM9KvKHl4)  2025-04-19T04:00Z [----] followers, [---] engagements


"How to take Backup of Splunk Configurationdata Why should we do that.mp4 How to take Backup of Splunk Configuration / data Why should we do that Steps to take a backup : - Switch to Splunk user - Stop the Splunk - Take the backup of directories (In Splunk Enterprise installation) - Store the backup in a safest place - Start the Splunk Detailed Explanations : - Switch to Splunk user - Stop the Splunk - Take the backup of below directories (In Splunk Enterprise installation) /opt/splunk/etc/ (&) /opt/splunk/var/lib/ - Navigate to /opt/splunk directory - Compress the etc folder into a zip file -"  
[YouTube Link](https://youtube.com/watch?v=ojmPobxfE1E)  2025-09-02T09:00Z [----] followers, [---] engagements


"Migration Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Migration Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania The activity happened was Migration. Migration from Standalone Splunk instance to a clustered indexer set-up of [--] indexers. Migration Issues: Issue: After migration one of the indexers keeps crashing the moment we enabled receiving on the Indexer. Root Cause: $SPLUNK_DB folder did not have the required permission. Only read permission was granted to the user for $SPLUNK_DB which makes it impossible for Splunk to receive and process data."  
[YouTube Link](https://youtube.com/watch?v=rvBVfMhJARI)  2024-06-27T01:00Z [----] followers, [---] engagements


"File Monitoring Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania File Monitoring Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania File Monitoring Issues: Issue: Log file monitored is enabled but data is not getting indexed Root cause: Another file also has the first [---] characters same. Note: If multiple files have the first [---] same then Splunk will consider only one file Solution: Add crcSalt=text under the respective stanza in inputs.conf & Restart the Splunk #splunk #splunkadmin #splunkblogs #splunkengineer #splunklife #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=xJ-Vlq232G4)  2024-03-20T05:30Z [---] followers, [----] engagements


"How to customize chart colors in Splunk Dashboard.mp4 How to customize chart colors in Splunk Dashboard - Customize your Background color - Customize your font color - Customize your foreground color - Customize your field color #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=yQgwqoxJ_TE)  2024-12-10T04:00Z [----] followers, [---] engagements


"Splunk Data Model Masterclass 101.mp4 Splunk Data Model Masterclass [---] (Coming Soon) - The Splunk Data Model Masterclass [---] provides an in-depth understanding of Splunk Data Models and how to leverage them to improve data analysis and reporting. - This course covers data model creation optimizing performance and applying best practices for building scalable and efficient models. - You will learn how to structure your data in Splunk to improve search performance enrich visualizations and create powerful reports. - With real-world examples you will gain the skills necessary to design"  
[YouTube Link](https://youtube.com/watch?v=zbnh0fZ5GCA)  2025-02-13T04:00Z [---] followers, [---] engagements


"Access issue Splunk Enterprise Troubleshooting Use case [--] Soft Mania Access issue Splunk Enterprise Troubleshooting Use case [--] Soft Mania Issue: Query is not working for particular users but for others Root Cause: Users missing access to the extracted field (e.g: in this case the startup_code field is extracted using props) Solution: Enable access to the respective users & validate it again with users #splunk #splunkadmin #splunkblogs #splunkengineer #splunklife #softmania #splunkmania #troubleshooting #splunktroubleshooting"  
[YouTube Link](https://youtube.com/watch?v=-tQpMWrHbEo)  2024-03-16T00:30Z [---] followers, [---] engagements


"Troubleshooting live session.mp4 Your Universal Forwarder is running as expected but unfortunately no data is appearing in your index. - Youre not seeing any errors and there are no logs to give you a clue about whats going wrong. - This situation can be particularly frustrating because the issue could stem from multiple potential causes: sometimes its the input processor that isnt configured correctly; other times its a parsing problem within the Universal Forwarder itself. - In some cases the culprit is an external factor like a firewall thats blocking the data flow. - Rather than"  
[YouTube Link](https://youtube.com/watch?v=0hT98D6czPw)  2025-05-31T14:25Z [----] followers, [--] engagements


"How to add custom css to Splunk Dashboard .mp4 How to add custom CSS to Splunk Dashboard On the UI : - On your dashboard click the Edit button. - Switch to the Source tab. - Under the Panel add an HTML tag and then include your CSS styles. On the Backend : - To customize a dashboard create a .css file to define its style. - Place these files in the app's appserver/static directory located here. $SPLUNK_HOME/etc/apps//appserver/static For example - Customize styling for a dashboard in Search and Reporting use this directory path. $SPLUNK_HOME/etc/apps/search/appserver/static Add custom files"  
[YouTube Link](https://youtube.com/watch?v=4c1mJJwOdYY)  2025-01-29T04:57Z [---] followers, [--] engagements


"Forwarder Performance with Multiple Pipeline Sets in Splunk.mp4 Forwarder Performance with Multiple Pipeline Sets in Splunk Why Use Multiple Pipeline Sets Faster Processing: Handle large and small files concurrently without delays. Double Throughput: Forwarders with two pipelines can handle twice as much data as those with one pipeline. Optimized Resource Utilization: Reduce bottlenecks and maximize CPU usage. ----------------------- How It Works Each pipeline handles data input output and parsing (for heavy forwarders). Outputs forward independently with load balanced streams if set."  
[YouTube Link](https://youtube.com/watch?v=8TrlhE6QWUs)  2025-01-02T03:53Z [---] followers, [--] engagements


"Forwarding Issue Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Forwarding Issue Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Forwarding Issues: Issue: - A few events are missing in Splunk Cloud. Most of the data is being ingested as expected. Missing events that should be forwarded by the forwarder UF or HF. This issue happens intermittently. Root Cause: - Splunk forwarder queues are saturated. When it was released Splunk tailreader went to read the file and the file wasn't available anymore (rolled or deleted). ------ WARN TailReader [----] tailreader0 - Access"  
[YouTube Link](https://youtube.com/watch?v=8r3lJtYCBZY)  2024-07-29T01:00Z [---] followers, [---] engagements


"Why cant we use a single Splunk instance with huge size.mp4 Why cant we use a single Splunk The reason is. - Performance Impact - Single point of failure - Scalability --------------------------- Performance Impact - If we try to do data collection indexing and searching all on a single heavy machine it will be overloaded: - Data collection from 100s of sources CPU hit. - Parsing & indexing TBs of logs Disk I/O spike. - Running [--] user searches Memory crunch. - Solution: Splitting these tasks across components balances the load and improves efficiency. --------------------------- Single point"  
[YouTube Link](https://youtube.com/watch?v=97C8blvM4HI)  2025-04-18T04:00Z [---] followers, [---] engagements


"How to remove unwanted JSON pairs during indexing.mp4 How to Remove Unwanted JSON pairs during Indexing Step 1: Define the Transformation Rule Navigate to local folder of search app Create or open transforms.conf file Add the below stanza in transforms.conf to remove the JSON pair Step 2: Apply the Transformation Open or create props.conf Add the configuration stanza for the source/sourcetype Step 3: Restart the Splunk Step 4: Verify the Data JSON Pair debug_info is removed successfully #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions"  
[YouTube Link](https://youtube.com/watch?v=9lMlAhprxy0)  2025-02-02T04:00Z [---] followers, [--] engagements


"Which of the following represents the Splunk recommended naming convention for dashboards Which of the following represents the Splunk recommended naming convention for dashboards A) Description_Group_Object B) Group_Description_Object C) Group_Object_Description D) Object_Group_Description The correct answer is: C) Group_Object_Description #softmania #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania #shorts"  
[YouTube Link](https://youtube.com/watch?v=BrvQF2AaQGs)  2025-03-01T04:00Z [---] followers, [--] engagements


"4.Troubleshooting live session.mp4 The Timestamp Trap: Data is streaming in yet your dashboards remain frustratingly empty. The culprit A subtle but critical issue: timestamp extraction errors. The root cause could be an incorrect TIME_FORMAT configuration a misaligned time zone (TZ) or the wrong field used for the timestamp altogether. These problems often lurk unnoticed until your visualizations turn blank. Let me walk you through the process of identifying these hidden issues: - Inspect the raw data check the timestamps formats and fields. - Validate your parsing logic ensure the right"  
[YouTube Link](https://youtube.com/watch?v=BuWQM6HbQzs)  2025-06-03T04:21Z [----] followers, [---] engagements


"Forwarding Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Forwarding Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Forwarding Issues: Issue: Heavy forwarder Paused Data Flow with Warning: "The TCP output processor has paused the data flow". ---------- WARN TcpOutputProc - The TCP output processor has paused the data flow. Forwarding to host_dest=xxx.xxx.xxx.xxx inside output group default-autolb-group from host_src=xxx has been blocked for blocked_seconds=10. This can stall the data flow towards indexing and other network outputs. Review the receiving"  
[YouTube Link](https://youtube.com/watch?v=CGuoFsVGuGU)  2024-03-29T00:30Z [---] followers, [---] engagements


"How to Migrate index from one Splunk server to another Splunk server.mp4 How to Migrate an index from one Splunk Server to another Splunk server Steps to Migrate the index: Migrate the respective stanza of indexes.conf file from the old server to new server Migrate the index directory from old server to new server. (Zip it and transfer) Note: Make sure the Splunk service is stopped & all the hot buckets are rolled to warm to avoid any data loss. Lets say we want to migrate test index server A to B Prerequisite Note: Make sure the Splunk service is stopped & all the hot buckets are rolled to"  
[YouTube Link](https://youtube.com/watch?v=D9N5x5jifCk)  2025-05-07T04:31Z [---] followers, [---] engagements


"Free Splunk Essential Resources by Soft Mania.mp4 Splunk Essential Resources - Free Splunk Essential Resources https://tinyurl.softmania.in/0FUZX #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=DW2lKMRKFzk)  2025-02-01T04:00Z [---] followers, [--] engagements


"How to Filter unwanted Windows event logs.mp4 How to Filter unwanted Windows event logs Steps to Filter Unwanted Windows Event Logs Step 1: Define the Transformation Rule - transforms.conf Step 2: Apply the Transformation - props.conf Step 3: Restart Splunk Sample Scenario: - Let's say we want to remove below Event ID's from the data that is being indexed. - [----] - [----] - [----] - [----] - [----] - [----] Step 1: Define the Transformation Rule - Navigate to local folder of search app - Create or open transforms.conf file - Add the below stanza in transforms.conf to filter the unwanted logs. Step 2:"  
[YouTube Link](https://youtube.com/watch?v=FpHdhvlMBvk)  2025-02-11T04:00Z [---] followers, [--] engagements


"How to clean the Index in Indexer Cluster.mp4 How to Clean the Index in Indexer Cluster - Steps to Clean the Index in Indexer Cluster - Connect to Cluster Manager instance (via SSH client) - Login as a Splunk user - Navigate to _cluster/local folder - Open indexes.conf file - Add stanza like below in the indexes.conf - In Cluster Manager node itself execute below command in CLI - Enter username & Password - Once you confirm if the restart is necessary - To apply the configuration bundle to the peers run this CLI command - Login to any one of the search head server with your credentials.Run"  
[YouTube Link](https://youtube.com/watch?v=HBvThJ0MDFc)  2025-04-29T05:00Z [---] followers, [---] engagements


"shorts [--] final.mp4 Did you know that Splunk sometimes ignores your changes in inputs.conf Youve carefully edited the file restarted Splunk and yet the issue persists. Why The culprit could be a precedence issue where your configuration file is being overridden by another at a higher priority level perhaps one inside a Splunk app or system folder. Alternatively it could be that your changes never took effect because the configuration wasnt reloaded properly or Splunk was reading from a different file altogether. In this troubleshooting series well take a deep dive into why your inputs.conf"  
[YouTube Link](https://youtube.com/watch?v=HfRcPBgee4E)  2025-05-28T10:22Z [----] followers, [---] engagements


"1. What is Structured Parsing in Splunk.mp4 What is Structured Parsing in Splunk - Specialized handling of structured data formats for automatic field extraction. - It leverages Splunks ability to directly interpret the structure of the data and extract fields based on its format. - Index time Field Extraction Configuration for Structured Parsing In Universal forwarder CSV - Comma separated value format TSV - Tab-separated value format PSV - pipe ("")-separated value format W3C - World Wide Web Consortium (W3C) Extended Log File Format JSON - JavaScript Object Notation format HEC - Interpret"  
[YouTube Link](https://youtube.com/watch?v=KC1EDFf7VxE)  2024-12-16T04:00Z [---] followers, [--] engagements


"2. How to add HTML content to Splunk Dashboard.mp4 How to add HTML content to Splunk Dashboard Customize your Dashboard with HTML - Go to your dashboard and select the Source tab. - Under the your Panel section use your HTML code. If you want to use CSS styles - You can add any CSS properties inside the style tag. #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=LAEt25eHojU)  2024-12-17T04:00Z [---] followers, [--] engagements


"What happens If Deployment server is down Scenario-based Splunk Admin Use Case - [--] Soft Mania Scenario-based Splunk Admin Use Case - [--] What happens If the Deployment Server is down Quick answer is: No major issues to the environment's data flow. However the latest app updates cant be deployed to the deployment clients (say forwarders) Deployment client (say Forwarders) periodically polls the deployment server If the Deployment server is down Deployment Clients will not receive the details which doesnt interrupt the Forwarders functionality. The issue here is you cant deploy the latest"  
[YouTube Link](https://youtube.com/watch?v=LSinfXVec_w)  2024-04-10T04:30Z [---] followers, [---] engagements


"Upgrade Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Upgrade Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Upgrade Issues: Issue: - After upgrading UF to 9.1.2 data ingestion issues were found. Reverting to the previous version works fine. Data flow is stopped. Root Cause: - Version [---] and above are installed by default with a VSA (virtual service account) which can cause problems with certain paths and resources. Solution: - Enable the UF to run with Local System account. While upgrading the UF do it from Command Line with the USE_LOCAL_SYSTEM"  
[YouTube Link](https://youtube.com/watch?v=NeT0LT6gPMI)  2024-07-06T01:00Z [---] followers, [---] engagements


"Scenario based Splunk Admin Interview Questions - Session [--] Management Components Scenario based Splunk Admin Interview Questions - Session [--] Topics covered in this session: - What happens If Monitoring Console down - What happens If Deployment Server is down - What happens If Universal Forwarder is down - What happens If License Master/Server is down"  
[YouTube Link](https://youtube.com/watch?v=Nif4g1b54go)  2025-08-22T04:52Z [----] followers, [---] engagements


"Upgrade Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Upgrade Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Upgrade Issues: Issue: - When trying to upgrade Splunk UF on Windows the upgrade installer wizard provides less options than normal and fails during the upgrade process. Root Cause: - Bad/corrupted registry entry within Windows which may even get deployed to multiple systems via Windows SCCM (System Center Configuration Manager) which is used to deploy software and patches to Windows systems. Solution: - A backup of the above registry key was"  
[YouTube Link](https://youtube.com/watch?v=O_rkNwjkxXM)  2024-07-25T01:00Z [---] followers, [---] engagements


"What are the Indexer Cluster bucket issues.mp4 What are the Indexer Cluster Bucket Issues 1) Non-Clustered Bucket Issues "Buckets All Over the Place" What Happens - Too many hot buckets - Buckets not rolling properly to warm/cold storage - Corrupt buckets Why - Incorrect retention settings - Sudden system crashes - Disk space issues Fix It: - Set proper maxHotBuckets and maxWarmDBCount - Keep enough free disk space - Run splunk fsck repair to fix corrupt buckets 2) Bucket Replication Issues - "Data Not Syncing" What Happens - Some indexers have data others dont. - Search results are missing"  
[YouTube Link](https://youtube.com/watch?v=PWKdRp78uFo)  2025-02-06T04:00Z [---] followers, [--] engagements


"Performance Impact of eventtypes in Splunk.mp4 Performance Impact of eventtypes in Splunk - Using event types can consume a lot of data because any search attempts to correlate events with any known event type. - As more event types are defined the cost in search performance goes up. - You can examine the execution costs of search commands with the "command.search.typer" parameter"  
[YouTube Link](https://youtube.com/watch?v=P_0H7sOaRmY)  2025-07-08T08:05Z [----] followers, [---] engagements


"How to install Splunk using Shell Script.mp4 How to install Splunk using Shell Script [--]. Login as a root user. [--]. Create a file named install_splunk.sh in your home directory using the command [--]. Enter the Shell script code (mentioned in below link) https://zurl.co/LpWZw [--]. Save the File by Pressing "Esc" key and :wq Press Enter. [--]. Change the Permissions of the Shell Script [--]. Then run the script using: ./install_splunk.sh Now Splunk has been successfully installed #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania"  
[YouTube Link](https://youtube.com/watch?v=Q4Xks4VYALY)  2025-01-02T04:00Z [---] followers, [--] engagements


"How can search results be kept longer than [--] days How can search results be kept longer than [--] days A) By scheduling a report. B) By creating a link to the job C) By changing the job settings. D) By changing the time range picker to more than [--] days. The correct answer is: A) By scheduling a report. #softmania #splunk #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania #shorts"  
[YouTube Link](https://youtube.com/watch?v=SFxQD506_rs)  2025-03-02T04:00Z [---] followers, [--] engagements


"Do you know Splunk SAML Authentication.mp4 Do you Know Splunk SAML Authentication https://tinyurl.softmania.in/iyf9S #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=ST9YLJBqzXs)  2025-02-09T04:00Z [---] followers, [---] engagements


"Splunk Starting Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Splunk Starting Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Splunk Starting Issues: Issue: Splunk Enterprise does not start due to unusable filesystem Root cause: Splunk software does not know how to write to your machine's filesystem. homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem. Validating databases (splunkd validatedb) failed with code '1'. Solution: Temporarily bypass filesystem checks File name: $SPLUNK_HOME/etc/splunk-launch.conf"  
[YouTube Link](https://youtube.com/watch?v=TV0V-IG1c6M)  2024-03-28T00:30Z [---] followers, [---] engagements


"Is Splunk Index Data mutable.mp4 Is Splunk Index Data Mutable No Splunks indexed data is designed to be immutable. Why is Indexed Data Immutable Splunk uses a write-once read-many (WORM) model for indexing data. This ensures data integrity making it reliable for compliance audits and security investigations. What If You Need to Modify Data Sensitive data can be obfuscated at the search layer using search-time field extractions or anonymization. If data needs to be corrected at the index level delete the affected data and ingest it again with the necessary changes. #splunk #splunklife"  
[YouTube Link](https://youtube.com/watch?v=UXeNhebLpwA)  2025-01-07T04:00Z [---] followers, [--] engagements


"Scenario based Splunk Admin Interview Questions Soft Mania Are you preparing for a Splunk Admin interview In this live session well walk you through real-world scenario-based questions that are commonly asked in interviews not the usual theory but questions that test your understanding of how Splunk behaves in a production environment. 🔍 What to expect: - Situational questions faced by real-time Splunk Admins - Step-by-step breakdown of how to approach and answer - Common mistakes & how to avoid them - Live Q&A and doubt clearance 💡 Perfect for: ✔ Splunk Admins with basic hands-on"  
[YouTube Link](https://youtube.com/watch?v=UvWcArzesSI)  2025-07-20T17:38Z [---] followers, [---] engagements


"Do we need License for Forwarder.mp4 Do we need a License for Forwarders - Heavy Forwarder - Need a License as it is indexing data locally & want to enable authentication - Universal Forwarder - Does not require a License The answer is. - Universal forwarder package includes its own license. The license is enabled or applied automatically. This license allows forwarding but not indexing of unlimited data and also enables security on the forwarder so that users must supply a username and password to access it. - Heavy forwarder should have access to an Enterprise license stack if you plan to"  
[YouTube Link](https://youtube.com/watch?v=VASsg17vF98)  2025-04-17T04:00Z [---] followers, [---] engagements


"Splunk Development Advanced Demo Session Slot [--] Soft Mania 🎯 Free Demo Splunk Developer Advanced Training 📅 Recorded Live on: 09-July-2025 👨🏫 Trainer: Muruganantham Pothanaickar (Founder Soft Mania) In this session we explored the real-world role of a Splunk Developer and how structured and unstructured data is handled in modern log analytics environments. ✅ Topics Covered in This Live Session: - What does a Splunk Developer do in a real-time project - Day-to-day tasks & responsibilities in enterprise environments - Understanding structured vs unstructured data - How raw log data is"  
[YouTube Link](https://youtube.com/watch?v=Y6Con1UHYuE)  2025-07-09T16:53Z [----] followers, [---] engagements


"What difficulties are you facing while learning Splunk.mp4 What difficulties are you facing while learning Splunk Comment your points below #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=ZDg3Vyf3woA)  2024-12-29T04:00Z [---] followers, [--] engagements


"9.Troubleshooting live session.mp4 The Bundle Push Fail Expanded But on your Search Head Nothing changes. The new fields dont appear. Lookups arent working. Your dashboards still reflect the old logic. What went wrong This is the classic bundle push fail. Sometimes the bundle doesnt actually reach all indexer peers especially if one was temporarily offline in maintenance mode or had a dirty shutdown. Other times it's a version mismatch between your cluster master (or manager node) and the peer nodes. Or maybe your app has bad permissions missing metadata or incorrectly structured directories"  
[YouTube Link](https://youtube.com/watch?v=Zjin92_lW_E)  2025-06-11T04:00Z [----] followers, [---] engagements


"Forwarding Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Forwarding Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Forwarding Issues: Issue: - Splunk Add-on for Salesforce is unable to make API calls and no data is collected from the Forwarder. (Error messages from Add-on) Root Cause: - KV Store is down. Splunk Add-on for Salesforce uses the KV Store service in data collection so KV Store should be up and running. The License is not supporting KV Store. Query: index=_internal * Splunk_TA_salesforce* log_level=Error ----result--- 2024-01-30 13:18:33594"  
[YouTube Link](https://youtube.com/watch?v=atPiT5DNaB8)  2024-07-05T01:00Z [---] followers, [---] engagements


"Soft Mania - Posters.mp4 Is learning Splunk still safe & stable for the next [--] years Absolutely but here's the real talk: ✅ Yes Splunk remains a top-tier platform in cybersecurity and observability. 💡 However mastering Splunk alone isn't sufficient. In today's real-world environments Splunk operates alongside various tools and technologies. 🚀 To truly excel you need to integrate Splunk skills with: - Cybersecurity fundamentals - Cloud platforms - AI and machine learning This comprehensive approach aligns with Splunk's strategic direction. Their recent reports highlight a unified AI-powered"  
[YouTube Link](https://youtube.com/watch?v=bQcBFb26gJc)  2025-05-15T11:21Z [---] followers, [--] engagements


"Scenario based Splunk Admin Interview Questions - Session [--] Clean Splunk Indexes Scenario based Splunk Admin Interview Questions - Session [--] Topics covered in this session: - How to clean an index in a standalone environment - How to clean an index in a clustered environment"  
[YouTube Link](https://youtube.com/watch?v=d_NXaUMY0q4)  2025-08-25T11:19Z [----] followers, [---] engagements


"Splunk Crashing Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Splunk Crashing Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Splunk Crashing Issues: Issue: Splunk software is crashing too often File name: $SPLUNK_HOME/splunk/var/log/splunk/crash.log build 6818ac46f2ec 2023-12-11 15:43:29 Received fatal signal [--] (Aborted) on PID [-----]. Cause: Signal sent by PID [-----] running under UID [----]. Crashing thread: WebuiStartup . . . Root cause: The crash happens if appServerProcessLogStderr is enabled in web.conf File name:"  
[YouTube Link](https://youtube.com/watch?v=fdbKqTSWGWQ)  2024-04-01T00:30Z [---] followers, [---] engagements


"5.Troubleshooting live session.mp4 The Support Ticket Stress: - You are facing an issue in your Splunk environment and after some digging you decide it is time to open a support ticket. - Splunk Support responds quickly asking for a familiar set of files metrics.log splunkd.log and the output of the btool command. You gather everything and send it over feeling hopeful. But then comes their reply: Check pipeline health. Now you are stuck. What exactly does that mean Where do you look Which log lines matter and which ones are just routine noise - If you have not worked with these logs before or"  
[YouTube Link](https://youtube.com/watch?v=gPn071LqhDs)  2025-06-04T05:07Z [----] followers, [---] engagements


"Marketing Post - Splunk Enterprise Learning resources - Part-1.mp4 Do you know Splunk Enterprise Learning resources Part-1 Channel Name: Splunk & Machine Learning Link: https://zurl.co/YbLF Channel Name: Splunk Talks Link: https://zurl.co/95w0 Channel Name: Splunk How-To Link : https://zurl.co/zlPp Channel Name: Soft Mania Link: https://zurl.co/R1dX Channel Name: Splunk In [--] Minutes Link : https://zurl.co/I1HA Channel Name: Splunk Basics Link : https://zurl.co/M41K Channel Name: Abhay Singh Link : https://zurl.co/BdEG Channel Name: Splunk User Community Experience Link : https://zurl.co/f5rL"  
[YouTube Link](https://youtube.com/watch?v=gnnJYIhgFt4)  2024-12-05T04:00Z [---] followers, [--] engagements


"6.Troubleshooting live session.mp4 The It Works on Dev Disaster Expanded - Everything was perfect in your dev environment. The data came in clean parsed correctly and your dashboards looked beautiful. - But once you pushed to production nothing worked. Events were broken fields were missing and alerts didnt trigger. Why - Because development only had one type of data format. Production has five. - Maybe in dev you tested with one log line style. But in prod logs vary some are JSON others key-value a few are just raw text dumps. - Now your carefully tuned props.conf and transforms.conf are"  
[YouTube Link](https://youtube.com/watch?v=hCO_u6xfXMM)  2025-06-05T12:00Z [----] followers, [---] engagements


"Migration Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Migration Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Migration Issues: The activity that happened was. Splunk instance migrated from on-prem to cloud environment. Issue: After Migration to cloud On-Prem forwarders are not able to connect properly. (HTTP Event Collector Connection Fails) Root Cause: - Splunk App for Stream is not able to generate and detect HEC tokens automatically. Solution: - Need to do fresh installation of Splunk App for Stream without putting local configurations back."  
[YouTube Link](https://youtube.com/watch?v=hFaVcvlteUQ)  2024-07-03T01:00Z [---] followers, [--] engagements


"Configuration Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Configuration Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Issue: Sourcetype is not working for CSV data when it is added to Indexer Root cause: For Structured data the parsing happens at Universal Forwarder (UF) itself so the sourcetype should be configured at UF itself. Solution: Configure the sourcetype in Universal Forwarder for CSV Data alone & Restart Splunk. #splunk #splunkadmin #splunkblogs #splunkengineer #splunklife #softmania #splunkmania #troubleshooting #splunktroubleshooting"  
[YouTube Link](https://youtube.com/watch?v=hQGBUObnTYs)  2024-03-19T16:55Z [---] followers, [---] engagements


"Splunk Enterprise Vs Splunk Cloud.mp4 Splunk Enterprise Vs Splunk Cloud [--]. Deployment Splunk Enterprise: - Fully Managed by you Hosted on-premises or in your private cloud Splunk Cloud: - Fully managed by Splunk in the cloud [--]. Management Splunk Enterprise - Requires user-managed updates scaling and maintenance. Splunk Cloud: - Splunk handles updates scaling and maintenance [--]. Scalability Splunk Enterprise: - Manual scaling by adding hardware or resources Splunk Cloud: - Automatically scales based on data volume and usage [--]. Security Splunk Enterprise: - Full control over infrastructure and"  
[YouTube Link](https://youtube.com/watch?v=i-f-cRGSMmU)  2024-12-03T04:00Z [---] followers, [---] engagements


"Data Replication issue Splunk Troubleshooting Use case [--] Day [--] Soft Mania Splunk Enterprise Troubleshooting Use Cases [--] -Day [--] Data Replication Issues Issue: Indexed data present only on [--] indexer not replicated across peers / indexers. Root Cause: repFactor = auto property is missing Solution: Add repFactor=auto under the index stanza which requires replication. Step-1: In Cluster Manager node edit the indexes.conf file. Step-2: Deploy the bundle to Peers using CLI or GUI Step-3: Check the replication status for each index to make sure changes are reflecting. Free Masterclasses: (With live"  
[YouTube Link](https://youtube.com/watch?v=i4tlj1v9Xj8)  2024-02-24T05:21Z [---] followers, [---] engagements


"SAML Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania SAML Issues Splunk Enterprise Troubleshooting Use Cases - [--] Issue-9: Users were onboarded to security groups but not able to login to Splunk. Root Cause: The new security group was not configured/mapped with none of the roles in Splunk. Solution: Configure the security group & map it with the correct role. #splunk #splunkadmin #splunkblogs #splunkengineer #splunklife #softmania #splunkmania #troubleshooting #splunktroubleshooting"  
[YouTube Link](https://youtube.com/watch?v=ielybYye3H4)  2024-03-14T00:30Z [---] followers, [---] engagements


"8.Troubleshooting live session.mp4 The Duplicate File Issue Expanded You notice something strange: your Universal Forwarder is re-indexing the same CSV file over and over again. At first you think maybe its a one-time glitch. But then you see duplicate events piling up in your index. Same data different timestamps. Now your dashboards are skewed your alerts are noisy and your license usage is blowing up. So why is it re-indexing Splunk thinks the file is new. Thats because: You renamed the file. You moved it to another directory. Or you altered the content in a way that changed the file's CRC"  
[YouTube Link](https://youtube.com/watch?v=k4oLXlmqJn0)  2025-06-10T09:33Z [----] followers, [---] engagements


"How to Choose a Forwarder (UF & HF).mp4 How to Choose a Forwarder (UF & HF) Lets say. - We have data from which we need to get the data. Which Forwarder will you choose How can I decide Is there any standard way --------------------------- Forwarder Selection depends on below questions but not limited to. - Can I install a forwarder on this system (Yes / No) - Do I need to distribute (load balance) data across many indexers (Yes / No) - Are there data sets only obtainable through scripts run locally (Yes / No) - Do I need to parse the data locally (Yes / No) --------------------------- How to"  
[YouTube Link](https://youtube.com/watch?v=kgoHmUwItnY)  2025-04-15T04:00Z [---] followers, [--] engagements


"How to Choose a Splunk Forwarder & Do You Need a License for It (Deep Dive for Admins) Soft Mania 🎥 Webinar Recording: How to Choose a Splunk Forwarder & Do You Need a License for It In this recorded session we break down one of the most commonly asked questions in the Splunk community: 👉 "Which Splunk Forwarder should I use" 👉 "Do forwarders require a license" Whether you're a beginner or someone managing a growing Splunk deployment this session will help you make informed decisions about forwarder architecture. 🔍 What Youll Learn in This Video: - Difference between Universal Forwarder"  
[YouTube Link](https://youtube.com/watch?v=kxvWOIYoRw0)  2025-07-03T07:33Z [----] followers, [---] engagements


"What to Learn Where to Start & Why Splunk Matters Splunk Admin Bootcamp Session [--] Soft Mania Welcome to Session [--] of the Splunk Admin Bootcamp by Soft Mania This session is designed especially for beginners who want to start their Splunk journey with complete clarity and direction. If youre confused about where to begin what topics to learn and whether Splunk is still worth learning in [----] - this session is for you What youll learn in this session: - What is Splunk and why it was created - The real-world use case of Splunk in enterprises - Splunk Admin vs Developer roles explained - Core"  
[YouTube Link](https://youtube.com/watch?v=laV5oHEk_qU)  2025-10-15T13:05Z [----] followers, [---] engagements


"Data Ingestion Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Data Ingestion Issues Splunk Enterprise Troubleshooting Use Cases - [--] Soft Mania Data Ingestion Issues: Issue: - Both internal logs and data from UF get delayed for about [--] seconds. (Event Indexing delay) - Difference between _time and _indextime is about [--] seconds. Root Cause: - UF processes a larger number of files than it typically does. - Increased size of the fishbucket & the processing of fishbucket. - UF spent a lot of time traversing the fish bucket in checkpoint() routine which caused a TCP sending"  
[YouTube Link](https://youtube.com/watch?v=mbpeeVrfQOs)  2024-07-02T01:00Z [---] followers, [---] engagements


"Soft Mania Community - Introduction Session - Highlights.mp4 Soft Mania Community Platform https://tinyurl.softmania.in/QvW4w #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=mgcBHOWnHa4)  2025-02-08T04:00Z [---] followers, [--] engagements


"How to Decide Number of Search head & Indexers.mp4 How to Decide Number of Search head & Indexers Lets say. - I have a requirement of [---] Gb/day [--] concurrent Users. - How to calculate the required number of Search head and Indexers Is there any standard way for this - Yes Splunk has a table that can help us with this. - The table shows the number of reference machines that you need to index and search data in Splunk Enterprise depending on the number of concurrent users and the amounts of data that the instance indexes. - The table is only a guideline. Modify these figures based on your use"  
[YouTube Link](https://youtube.com/watch?v=pATCkVHxbfE)  2025-04-14T05:48Z [---] followers, [--] engagements


"Splunk Development Advanced Demo Session Slot [--] Soft Mania 🎯 Free Demo Splunk Developer Advanced Training 📅 Recorded Live on: 09-July-2025 👨🏫 Trainer: Muruganantham Pothanaickar (Founder Soft Mania) In this session we explored the real-world role of a Splunk Developer and how structured and unstructured data is handled in modern log analytics environments. ✅ Topics Covered in This Live Session: - What does a Splunk Developer do in a real-time project - Day-to-day tasks & responsibilities in enterprise environments - Understanding structured vs unstructured data - How raw log data is"  
[YouTube Link](https://youtube.com/watch?v=tZFmnVDvNpI)  2025-07-09T08:24Z [----] followers, [---] engagements


"What happens If Cluster Master is down Scenario-based Splunk Admin Use Case - [--] Scenario-based Splunk Admin Use Case [--] What happens If Cluster Master is down The quick answer is: Indexers and search heads will function normally no sudden failure but we should consider it as a severe failure which needs to be fixed as soon as possible. The search head will display a warning if one or more peers in the last generation are down. If any one of peers is down there is no way to coordinate the necessary remedial bucket-fixing activity If a forwarder restarts while the manager is down it will not"  
[YouTube Link](https://youtube.com/watch?v=w54ZdZIK6DQ)  2024-02-09T07:43Z [---] followers, [---] engagements


"Why do we need an Intermediate Forwarder (IF) .mp4 Why do we need an Intermediate Forwarder (IF) Intermediate Forwarder (IF) will. - Act as a data consolidation point from multiple forwarders. - Reduce the workload of Indexer by doing parsing before sending data to Indexer. It can also do parsing if the data is coming from Universal forwarder which can reduce the workload of Indexer. #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=x6no-9ZsfK0)  2025-04-16T04:00Z [---] followers, [---] engagements


"Retention Policy Issues Splunk Enterprise Troubleshooting Use Case - [--] Soft Mania Retention Policy Issues Splunk Enterprise Troubleshooting Use Case - [--] Issue-8: Indexed data (more than [--] days) is removed even before the retention period (90 days) Root Cause: The max size of an index (maxTotalSizeMB) is reached before the retention period in seconds (frozenTimePeriodInSecs). Solution: Increase the maxTotalSizeMB to a big number say [---] GB based on the size of [--] days data in indexes.conf. #splunk #splunkadmin #splunkblogs #splunkengineer #splunklife #softmania #splunkmania #troubleshooting"  
[YouTube Link](https://youtube.com/watch?v=yC9qCRHtdR0)  2024-03-13T00:30Z [---] followers, [---] engagements


"_How to hide App Nav bar in Splunk.mp4 How to hide App / Nav bar in Splunk Step 1: Prepare Your Dashboard Open your Splunk dashboard. Switch to the Source Code view. Step 2: Apply default attributes [--]. hideSplunkBar="true" - This hides the Splunk bar which is the top navigation bar in Splunk. [--]. hideAppBar="true" - This hides the App bar. [--]. hideChrome="true" - It hides the Splunk bar App bar and the footer providing a full-screen immersive experience for the dashboard. More free resources on Splunk Dashboards can be found here. https://tinyurl.softmania.in/Splunk-Dashboard-Doc"  
[YouTube Link](https://youtube.com/watch?v=ywF5T978hyc)  2025-02-03T04:00Z [---] followers, [--] engagements


"How to implement a modal pop-up in a Splunk dashboard.mp4 How to implement Modal pop-up in Splunk Dashboard Step 1: Prepare Your Dashboard Open your Splunk dashboard. Switch to the Source code view. Step 2: Add the modal pop-up code Add the pop-up modal code above the tag. Follow this URL or scan the QR code for the script code steps. https://tinyurl.softmania.in/modal-popup Once you have successfully followed these steps you should see the changes reflected on your dashboard. #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases"  
[YouTube Link](https://youtube.com/watch?v=zIllIj6Bo9E)  2025-01-27T04:00Z [---] followers, [--] engagements


"Do you know How to enable MFA in Splunk.mp4 Do you Know How to enable MFA in Splunk https://tinyurl.softmania.in/bUZoT #splunk #splunklife #splunkblogs #splunkers #splunkadmin #splunkdeveloper #interviewquestions #splunkusecases #softmania #splunkmania"  
[YouTube Link](https://youtube.com/watch?v=zxN-_tZJYeM)  2025-02-16T04:00Z [---] followers, [--] engagements

Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing