Security

Community Activity
AL3Z
Hi, Looking for SPL like within a brief span of time, say two hours, a user prompts alerts for both PDM and encrypted...
by AL3Z Builder in Security 04-03-2023
0 12
vinoth_raj
Hi folks, Is it possible to enable the below parameters in the web.conf file while using a self-signed certificate?ss...
by vinoth_raj Path Finder in Security 04-03-2023
0 0
AL3Z
Hi, I'm trying to work on the IP scanners scanning many IPs on a single port use case on Splunk index=firewall sourcety...
by AL3Z Builder in Security 04-03-2023
0 1
SamuraP
Hello, I'm trying to investigate the configuration files in a new app I created, but every time I run ./splunk btool ...
by SamuraP Engager in Security 04-01-2023
0 6
klim
Is it possible to limit a role to only have write access to an index? For example I want a role to be able to do summ...
by klim Path Finder in Security 04-01-2023
0 4
yottanat2021
I want to mask data based on role on Splunk Cloud.
by yottanat2021 Explorer in Security 03-30-2023
0 4
shruti14
Hi all, I am setting up a dashboard and alert where we are trying to alert if there are missing hosts in Splunk for more th...
by shruti14 Explorer in Security 03-30-2023
0 4
robbieevansCC
Without giving admin, is there a permission to apply to roles that would allow that user to update the geoip files?  ...
by robbieevansCC Engager in Security 03-29-2023
0 3
karu0711
Data field "FW: [ DOC 45 ] DTP: DEMO XXX CCC | 20147" from this I need to extract "DEMO XXX CCC" output subject fiel...
by karu0711 Communicator in Security 03-28-2023
0 4
crsplunkr
looking for the best way to audit all users accessing REST endpoints found a way to list users, but any way to limit ...
by crsplunkr Loves-to-Learn Everything in Security 03-24-2023
0 1
Burndata
Hello, I have some log messages like this, where various info is delimited by double-colons: {"@message":"[\"ERROR ::...
by Burndata Explorer in Security 03-24-2023
0 2
keio_splunk
Splunk web is returning HTTP 500 internal server error after entering login credential as splunkd fails to start up. ...
by keio_splunk Splunk Employee in Security 03-23-2023
0 2
karu0711
I want to extract the 5-digit number 54879 as a number field
by karu0711 Communicator in Security 03-23-2023
0 4
syadavsplunk
Hi Splunk Experts, I have a set of users whom I just want to allow to only run ad-hoc searches. I don't want ...
by syadavsplunk Observer in Security 03-22-2023
0 4
jamie1
Hi there, I am new to Splunk and have data coming in from just one server. I have tried running the basic brute force ...
by jamie1 Communicator in Security 03-22-2023
0 1
naveenSharma
I am trying to send data from salesforce to Splunk using Http POST method but am getting error saying invalid certifi...
by naveenSharma New Member in Security 03-22-2023
0 0
karu0711
FW: [ DOC 45 ] DTP: DEMO XXX CCC | 20147 I want to extract the number after the pipe as field name "data". What is the regex?
by karu0711 Communicator in Security 03-21-2023
0 5
splunker1981
Hi fellow Splunkers, I'm wondering if someone can tell me how to share a custom command stored within a custom App g...
by splunker1981 Path Finder in Security 03-21-2023
0 2
maurobissante
Hello! One of our customers has a problem with this executable "C:\Program Files\SplunkUniversalForwarder_script\file...
by maurobissante Explorer in Security 03-15-2023
0 1
im_bharath
Hello everyone, I have this SPL below that I am using, index=abcde* | eval logtype = if(match(_raw,".*?LTStamp.*?ConnID....
by im_bharath Path Finder in Security 03-14-2023
0 7
dasveruckte
Does anyone know why I would be getting very bad browsing performance when searching through large events regardless ...
by dasveruckte New Member in Security 03-08-2023
0 1
DG
Dear Community, We know that there are several options to mask sensitive data before/during ingestion. But generally, ...
by DG Explorer in Security 03-07-2023
0 0
splunkis0927
root@ubuntu-linux-22-04-desktop:/opt/splunk/bin# uname -aLinux ubuntu-linux-22-04-desktop 5.15.0-48-generic #54-Ubunt...
by splunkis0927 Engager in Security 03-06-2023
0 5
nick405060
Question says it all. I had pseudo-accomplished this for my users for the last 18 months by removing access to the se...
by nick405060 Motivator in Security 03-01-2023
3 5
matt8679
Prior to upgrading to Splunk Enterprise 9.0 (we were on 8.2.6), when creating or editing a role, the indexes tab had ...
by matt8679 Path Finder in Security 02-26-2023
0 5