Security

Community Activity

What is regex for below? FW: [ DOC 45 ] DTP: DEMO XXX CCC \| 20147I want to extract number after pie as field name "data". what is the regex? by karu0711 Communicator in Security 03-21-2023 0 5	0	5
How to make a custom command shared between all Apps? Hi fellow Splunkers, I'm wondering is someone can tell me how to share a custom command stored within a custom App g... by splunker1981 Path Finder in Security 03-21-2023 0 2	0	2
Issue with Splunk Universal Forwarder blat.exe? Hello! One of our customer has a problem with this executable "C:\Program Files\SplunkUniversalForwarder_script\file... by maurobissante Explorer in Security 03-15-2023 0 1	0	1
How to merge multiple eval's into a single using if (match)? Hello everyone, i have this below SPL i am using, index=abcde* \| eval logtype = if(match(_raw,".?LTStamp.?ConnID.... by im_bharath Path Finder in Security 03-14-2023 0 7	0	7
Why is browser sluggish when browsing through large raw data events? Does anyone know why I would be getting very bad browsing performance when searching through large events regardless ... by dasveruckte New Member in Security 03-08-2023 0 1	0	1
Scanning Splunk data for secret leaking? Dear Community,We know that there are several options to mask sensitive data before/during ingestion. But generally, ... by DG Explorer in Security 03-07-2023 0 0	0	0
How to fix this Error on starting Splunk on UBUNTU (on my apple Mac pro)? root@ubuntu-linux-22-04-desktop:/opt/splunk/bin# uname -aLinux ubuntu-linux-22-04-desktop 5.15.0-48-generic #54-Ubunt... by splunkis0927 Engager in Security 03-06-2023 0 5	0	5
Is it possible to restrict searchable index access but allow dashboardable index access? Question says it all. I had pseudo-accomplished this for my users for the last 18 months by removing access to the se... by nick405060 Motivator in Security 03-01-2023 3 5	3	5
Splunk 9.0 issue: Why is there an issue with assigning an index to a role? Prior to upgrading to Splunk Enterprise 9.0 (we were on 8.2.6), when creating or editing a role, the indexes tab had ... by matt8679 Path Finder in Security 02-26-2023 0 5	0	5
How would I design a role that only gives the ability to create (and search) indexes? I was looking at the list of capabilities and it was not clear to me which would grant the ability to create new inde... by juniormint Communicator in Security 02-26-2023 0 6	0	6
Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert I have configured SAML 2.0 SSO with our own IdP. My local splunk app http://khal:8000/ successfully redirect to Asser... by jawaj30860 New Member in Security 02-23-2023 0 7	0	7
Can anyone please help with constructing a search for notable events that came in outside of core hours? by LionWolf Explorer in Security 02-21-2023 0 2	0	2
Why am I receiving errors setting up forwarding encryption? I am attempting to set up encryption between a Splunk Universal Forwarder (verion 9.0.3) and a Splunk Heavy Forwarder... by qcjacobo2577 Path Finder in Security 02-17-2023 0 2	0	2
Why can't I get a role to query _internal? It's making me crazy!!! Splunk Enterprise 8.2.6, Cluster SH with 3 members. [role_test] cumulativeRTSrchJobs... by verbal_666 Builder in Security 02-15-2023 0 1	0	1
How can I created dashboard for my entities like image belong in IT Essentials work app? How can I created dashboard for my entities like image belong in IT Essentials work app. I download the manuel named:... by chimell Motivator in Security 02-15-2023 0 0	0	0
Is there an option to add MFA to Splunkbase account? Hi Is there an option to add MFA to my Splunk Base account where I upload new apps and versions? by YanivWiz New Member in Security 02-14-2023 0 2	0	2
How do I renew an expired Splunk Certificate? We have a distributed Splunk environment and the certificate for Splunk API in port tcp/8089 on the search head has e... by khusain_splunk Splunk Employee in Security 02-13-2023 0 7	0	7
How to make the https splunk web load with self-signed certificate? Hello everybody, can you please tell where i am making errors? I can't make the https splunk web load with my self si... by LinghGroove Explorer in Security 02-13-2023 0 1	0	1
Is there a way to enable SSL cert validation for httpout? Hi folks, is there a way to enable SSL cert validation to a 'httpout' stanza within 'outputs.conf' like we can do wit... by mkorn Engager in Security 02-12-2023 0 2	0	2
How to get "splunk" user to read "root" user-owned files? Our general policy is to not run applications on our servers as the "root" user. However, some log files get written... by redc Builder in Security 02-10-2023 4 23	4	23
Is it possible to change admin pwd in Splunk AMI during provisioning? Just starting out with provisioning splunk 9.x via AWS AMI and Terraform. Does anyone have any idea if it is possibl... by rsbst19 Engager in Security 02-10-2023 0 0	0	0
How to create search to combine multiple “sourcetypes”? In my query. I am trying to combine the output from one index and sourcetype with the output of another index and sou... by shrugshoulders1 New Member in Security 02-07-2023 0 4	0	4
How to solve: "Search peer SSL config check" and "MongoDB TLS and DNS validation check" ERROR in Splunk Cloud? Upgrade Readiness App added to the Splunk Cloud Platform shows the following two errors.1. Search peer SSL config che... by Yuji Engager in Security 02-07-2023 1 1	1	1
How to search for users that have reset password and then shortly logged off? I'm looking to create a search for users that have reset their password and then within a certain amount of time logg... by Hapticz New Member in Security 02-03-2023 0 0	0	0
WinError 10061: sending reports via email won't work? I've tried to configure some reports to be send via email. I created a report which runs on a schedule an then send t... by bitnapper Path Finder in Security 02-03-2023 0 2	0	2