https://community.splunk.com/t5/Splunk-Search/log4j-Macros/m-p/579028#M201793 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/116827">@genesiusj</a>&nbsp;</P><P>&nbsp;</P><P>do you have installed Enterprise security on your splunk istance?</P> Tue, 21 Dec 2021 15:07:40 GMT aasabatini 2021-12-21T15:07:40Z https://community.splunk.com/t5/Splunk-Search/log4j-Macros/m-p/579021#M201792 <P>Hello,</P><P>This article, <A href="https://research.splunk.com/stories/log4shell_cve-2021-44228/" target="_self">https://research.splunk.com/stories/log4shell_cve-2021-44228/</A>&nbsp;, lists many log4j attack vectors and how Splunk can help detect them. This includes what datamodels to implement/use and the SPL. However, the SPL includes various macros. And these macros do not exist on my Splunk implementation. Where do I find these macros?</P><P>Thanks and God bless,<BR />Genesius</P> Tue, 21 Dec 2021 13:56:27 GMT https://community.splunk.com/t5/Splunk-Search/log4j-Macros/m-p/579021#M201792 genesiusj 2021-12-21T13:56:27Z https://community.splunk.com/t5/Splunk-Search/log4j-Macros/m-p/579028#M201793 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/116827">@genesiusj</a>&nbsp;</P><P>&nbsp;</P><P>do you have installed Enterprise security on your splunk istance?</P> Tue, 21 Dec 2021 15:07:40 GMT https://community.splunk.com/t5/Splunk-Search/log4j-Macros/m-p/579028#M201793 aasabatini 2021-12-21T15:07:40Z https://community.splunk.com/t5/Splunk-Search/log4j-Macros/m-p/579032#M201795 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/222210">@aasabatini</a>&nbsp;</P><P>No, we don't have ES installed.</P><P>Thanks and God bless,<BR />Genesius</P> Tue, 21 Dec 2021 15:34:10 GMT https://community.splunk.com/t5/Splunk-Search/log4j-Macros/m-p/579032#M201795 genesiusj 2021-12-21T15:34:10Z