Security

Discussions

Thread Info

Bluecoat Proxy Logs: How do I know the internal IP requesting that external site/IP?

I see logs leaving the proxy to an external IP. How do I know the internal IP requesting that external site/IP

by Path Finder in

Do I need separate certs for inter-splunk communication and the Web Admin Page?

I found how-to links for generating CSR's for Inter-Splunk communication and for the Splunk Web site to be able to us...

by New Member in

Why is the website monitoring URL not showing in the Status Overview page?

I have added URL using data inputs in website monitoring but url not monitored or not showing in status overview p...

by Path Finder in

Does CVE-2021-3422 also affect HWFs and IFs?

Hi All, Does the recently announced security vulnerability CVE-2021-3422 also apply to HWFs and IF that might be r...

by Path Finder in

How to flag when new value is created in field

I'm really overthinking this, but am lost. I need to show when new correlation searches are introduced into the en...

by Contributor in

What are the capabilities required for enabling/disabling maintenance mode?

Hello Team, What capabilities are required for enabling and disabling the maintenance mode. Based on the following li...

by Explorer in

Storing and using passwords in a Custom Alert Action

I've got a set of custom alert actions that when invoked, will fire off a python script that (among other things) mak...

by New Member in

Why is there certificate exception error while posting data to splunk?

Hi Team, I am getting below error while trying to post data to my splunk using below url. I have installed the cer...

by Loves-to-Learn in

Splunk not taking updated certificate (SSL)

Hi, The search head cluster uses our own certificates which are going to expire soon. So in order to update the ce...

by Builder in

What is the latest openssl vulnerability CVE-2022-0778 and how/if it affects Splunk installations?

Can anyone help with understanding the latest openssl vulnerability CVE-2022-0778 and how/if it affects Splunk instal...

by Path Finder in

アカウント登録情報の変更について

Splunkbaseに登録のアカウントについて、登録情報を変更したいのですが、変更可能でしょうか？ 会社名、メールアドレスの変更を希望します。変更できない場合、他の対応方法をご教示いただけますでしょうか？

by New Member in

Is there a way to map SAML authenticated accounts (Azure AD) to existing local accounts?

We have locally created users and have just enabled Azure AD SAML auth. Is there a way to map SAML authenticated a...

by New Member in

Change SSL Certificate port 8089 Breaks DUO Authentication

I have changed the certificate on server.conf to take my created cert for port 8089. This is the same cert that I hav...

by Observer in

Blacklisting IPv4 Ranges on Inputs.conf WinNetMon

Hello, Thank you for taking the time to consider my question. I'm currently working on a solution that would repor...

by Explorer in

Why LDAP authentication issue after upgrading from 7.3.5 to 8.1.0?

Hello all, after upgrading splunk to 8.1.0 , we have observed some issues with LDAP authentication. The uers are not ...

by Engager in

Which log would have the info about user creation?

Hi, I have added couple of users in splunk using command line option. After few days few of them came back to me w...

by Communicator in

Why are no arguments found after configuring SSO?

I configured SSO for my Splunk with IDP.I added the user in both Splunk and IDP, but when the user authenticated by o...

by Engager in

When is Log4j 2.17 availability for Splunk Enterprise 8.1?

Hello, As found on "Splunk Security Advisory for Apache Log4j", I could read that "Unless CVE-2021-45105 or CVE-2...

by New Member in

How to disable SSLv3 on port 443 (TCP)?

I've got a vulnerability scan showing that SSLv3 is enabled on port 8090 on our Splunk 7.1.1 indexer. In my server...

by Path Finder in

Is it better to enrich the data from UF Windows Log Data with Scripts?

Hello all, Thank you for taking the time to consider my question, I'm mainly seeking to find if it's possible to ...

by Explorer in

Why is Splunk app invisible for certain role despite changing its read permission to all roles?

There are two apps, a custom app and search app which are inaccessible to users despite them having read permission t...

by Contributor in

How to compare 2 search results from different indexes and create a column that lists unique values?

I tried the following query: index=alldata Application="AZ" |eval Date=strftime(_time,"%m/%d/%Y %H:%M:%S %Z") ...

by New Member in

Why is Splunk site not opening?

Hi Team, This is Saurabh Dagar and I am working on Offshore company, on there, we have splunk server and we are...

by Loves-to-Learn in

Why is verification of SAML assertion using the IDP's certificate giving error"Failed to verify signature with cert"?

hi All, We are migrating our AD provider to Azure AD, we generated the XML and cert file, and uploaded the XML via...

by Path Finder in

How do I generate certificates for Indexers & Forwarders?

Quick Question. I don't understand how to use certificates for forwarders. We have 300+ UFs. There's no way they'r...

by Builder in

Get Updates on the Splunk Community!

Security

Discussions

Bluecoat Proxy Logs: How do I know the internal IP requesting that external site/IP?

Do I need separate certs for inter-splunk communication and the Web Admin Page?

Why is the website monitoring URL not showing in the Status Overview page?

Does CVE-2021-3422 also affect HWFs and IFs?

How to flag when new value is created in field

What are the capabilities required for enabling/disabling maintenance mode?

Storing and using passwords in a Custom Alert Action

Why is there certificate exception error while posting data to splunk?

Splunk not taking updated certificate (SSL)

What is the latest openssl vulnerability CVE-2022-0778 and how/if it affects Splunk installations?

アカウント登録情報の変更について

Is there a way to map SAML authenticated accounts (Azure AD) to existing local accounts?

Change SSL Certificate port 8089 Breaks DUO Authentication

Blacklisting IPv4 Ranges on Inputs.conf WinNetMon

Why LDAP authentication issue after upgrading from 7.3.5 to 8.1.0?

Which log would have the info about user creation?

Why are no arguments found after configuring SSO?

When is Log4j 2.17 availability for Splunk Enterprise 8.1?

How to disable SSLv3 on port 443 (TCP)?

Is it better to enrich the data from UF Windows Log Data with Scripts?

Why is Splunk app invisible for certain role despite changing its read permission to all roles?

How to compare 2 search results from different indexes and create a column that lists unique values?

Why is Splunk site not opening?

Why is verification of SAML assertion using the IDP's certificate giving error"Failed to verify signature with cert"?

How do I generate certificates for Indexers & Forwarders?

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

Get Schooled with Splunk Education: Explore Our Latest Courses

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Retrieve list max 30 roles when bind LDAP group na...

Splunk Enterprise upgrade to 9.4.0 failing - faili...

Windows performance -Velocity SD Service Counters ...

Use SSO and reverse proxy to skip the login page

Integrating LLM's into Splunk Dashboard