Security

Ask a Question

Discussions

Thread Info

I need to extract field call "subject" from data field "FW: [ DOC 45 ] DTP: DEMO XXX CCC | 20147"

Data field "FW: [ DOC 45 ] DTP: DEMO XXX CCC | 20147" from this I need to extract "DEMO XXX CCC"output subject fiel...

by Communicator in

Is there any way to limit list of users based on REST calls?

looking for the best way to audit all users accessing REST endpoints found a way to list users, but any way to lim...

by Loves-to-Learn Everything in

How to use eval case match to assign a target and count?

Hello, I have some log messages like this, where various info is delimited by double-colons: {"@message":"[\"ERROR...

by Explorer in

Why Splunk web login is returning HTTP 500 internal server error when splunkd fails to start up?

Splunk web is returning HTTP 500 internal server error after entering login credential as splunkd fails to start up. ...

by Splunk Employee in

What is regex for dem_d54879.csv?

I want to extract 5degit. number 54879 as number field

by Communicator in

How to create a user with only ad-hoc searches permission?

Hi Splunk Experts I have a set of set of users whom I just want them to allow only run ad-hoc searches. I don't wa...

by Observer in

Basic Brute Force Detection (Splunk Security Essentials)

Hi There, I am new to Splunk and have data coming in from just one server. I have tried running the basic brute for...

by Communicator in

SSL Certificate invalid: How to send data from salesforce to Splunk using Http POST method?

I am trying to send data from salesforce to Splunk using Http POST method but am getting error saying invalid certifi...

by New Member in

What is regex for below?

FW: [ DOC 45 ] DTP: DEMO XXX CCC | 20147I want to extract number after pie as field name "data". what is the regex?

by Communicator in

How to make a custom command shared between all Apps?

Hi fellow Splunkers, I'm wondering is someone can tell me how to share a custom command stored within a custom App...

by Path Finder in

Issue with Splunk Universal Forwarder blat.exe?

Hello! One of our customer has a problem with this executable "C:\Program Files\SplunkUniversalForwarder_script\f...

by Explorer in

How to merge multiple eval's into a single using if (match)?

Hello everyone, i have this below SPL i am using, index=abcde* | eval logtype = if(match(_raw,".*?LTStamp.*?C...

by Path Finder in

Why is browser sluggish when browsing through large raw data events?

Does anyone know why I would be getting very bad browsing performance when searching through large events regardless ...

by New Member in

Scanning Splunk data for secret leaking?

Dear Community, We know that there are several options to mask sensitive data before/during ingestion. But generall...

by Explorer in

How to fix this Error on starting Splunk on UBUNTU (on my apple Mac pro)?

root@ubuntu-linux-22-04-desktop:/opt/splunk/bin# uname -aLinux ubuntu-linux-22-04-desktop 5.15.0-48-generic #54-Ubunt...

by Engager in

Is it possible to restrict searchable index access but allow dashboardable index access?

Question says it all. I had pseudo-accomplished this for my users for the last 18 months by removing access to the se...

by Motivator in

Splunk 9.0 issue: Why is there an issue with assigning an index to a role?

Prior to upgrading to Splunk Enterprise 9.0 (we were on 8.2.6), when creating or editing a role, the indexes tab had ...

by Path Finder in

How would I design a role that only gives the ability to create (and search) indexes?

I was looking at the list of capabilities and it was not clear to me which would grant the ability to create new inde...

by Communicator in

Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert

I have configured SAML 2.0 SSO with our own IdP. My local splunk app http://khal:8000/ successfully redirect to Asser...

by New Member in

Can anyone please help with constructing a search for notable events that came in outside of core hours?

by Explorer in

Why am I receiving errors setting up forwarding encryption?

I am attempting to set up encryption between a Splunk Universal Forwarder (verion 9.0.3) and a Splunk Heavy Forwarder...

by Path Finder in

Why can't I get a role to query _internal?

It's making me crazy!!!     Splunk Enterprise 8.2.6, Cluster SH with 3 members. ...

by Builder in

How can I created dashboard for my entities like image belong in IT Essentials work app?

How can I created dashboard for my entities like image belong in IT Essentials work app. I download the manuel nam...

by Motivator in

Is there an option to add MFA to Splunkbase account?

Hi Is there an option to add MFA to my Splunk Base account where I upload new apps and versions?

by New Member in

How do I renew an expired Splunk Certificate?

We have a distributed Splunk environment and the certificate for Splunk API in port tcp/8089 on the search head has e...

by Splunk Employee in

Get Updates on the Splunk Community!

Security

Discussions

I need to extract field call "subject" from data field "FW: [ DOC 45 ] DTP: DEMO XXX CCC | 20147"

Is there any way to limit list of users based on REST calls?

How to use eval case match to assign a target and count?

Why Splunk web login is returning HTTP 500 internal server error when splunkd fails to start up?

What is regex for dem_d54879.csv?

How to create a user with only ad-hoc searches permission?

Basic Brute Force Detection (Splunk Security Essentials)

SSL Certificate invalid: How to send data from salesforce to Splunk using Http POST method?

What is regex for below?

How to make a custom command shared between all Apps?

Issue with Splunk Universal Forwarder blat.exe?

How to merge multiple eval's into a single using if (match)?

Why is browser sluggish when browsing through large raw data events?

Scanning Splunk data for secret leaking?

How to fix this Error on starting Splunk on UBUNTU (on my apple Mac pro)?

Is it possible to restrict searchable index access but allow dashboardable index access?

Splunk 9.0 issue: Why is there an issue with assigning an index to a role?

How would I design a role that only gives the ability to create (and search) indexes?

Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert

Can anyone please help with constructing a search for notable events that came in outside of core hours?

Why am I receiving errors setting up forwarding encryption?

Why can't I get a role to query _internal?

How can I created dashboard for my entities like image belong in IT Essentials work app?

Is there an option to add MFA to Splunkbase account?

How do I renew an expired Splunk Certificate?

Thanks for the Memories! Splunk University, .conf25, and our Community

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Specific Splunk Attack Range Resource Specs

Splunk Enterprise upgrade to 9.4.0 failing - faili...

Windows performance -Velocity SD Service Counters ...

Use SSO and reverse proxy to skip the login page

Integrating LLM's into Splunk Dashboard

Security

Are you a member of the Splunk Community?

Discussions