Security

Community Activity

How to exclude user name that start with the number "0" on a correlation search on ES? how to exclude user name that start with the number "0" on a correlation search on ES This is the query: \| from input... by ajromero Path Finder in Security 02-25-2022 0 4	0	4
Which training course is about how to write a use case in Splunk? Hi Dears I want to know which training course is about how to write a use case in Splunk. I am a beginner and want to... by badien New Member in Security 02-25-2022 0 1	0	1
Using curl delete user return all users. can the response be limited to status? I use LDAP for users. I want to restrict few users temporarily during Splunk degraded mode.May be creating local acco... by meamitjain New Member in Security 02-24-2022 0 2	0	2
How to compare two values on same row Hey, I have a rule, that report to me each time source stop sending logs to my splunk. I try to make an exception, th... by Tomers Engager in Security 02-23-2022 0 3	0	3
How to search average sessions started by hour? Hey, I am dealing with data from an app, and I am trying to figure out how to see what times of the day our app is m... by Rapidz Explorer in Security 02-18-2022 0 4	0	4
How to change permissions from root to Splunk user? Hey, Need help. Have a client that have been running splunk for a while as root but now whats to run splunk as splunk... by So76 Explorer in Security 02-17-2022 0 1	0	1
Okta SAML authentication error Hello Splunkers, I am facing some difficulties with new Okta SAML authentication with Splunk enterprise, whenever us... by sumanssah Communicator in Security 02-16-2022 0 5	0	5
SAML/SSO Failed to parse issuer I have been working to try to authenticate with SAML and have been unable to figure out why we're not able make it wo... by steve_price New Member in Security 02-16-2022 0 1	0	1
Is it an invalid source sending data to splunktcp port or valid source sending unsupported payload? I am setting up TCP with TLS. Currently I have a Syslog Server sending data to my Splunk Instance but my Message is b... by Marco_Develops Path Finder in Security 02-16-2022 0 5	0	5
How to view Forwarding & Receiving link in my Splunk Cloud account? We have a Splunk cloud account for my organization. But I don’t see Forwarding & Receiving link in Settings menu. Is ... by psuthakar New Member in Security 02-15-2022 0 3	0	3
SSL Certificate on AWS Application Load Balancer: how to resolve the SSL Self Signed Cert Vulnerability for port 8089? Hi Team, We are using Splunk in AWS EC2 Instance. The SSL Certificate is uploaded on the AWS Application Load Balance... by jaracan Communicator in Security 02-15-2022 0 3	0	3
SAML SSO on Splunkv8.2.4 Hello,Any changes happened on SAML SSO configuration in the new Splunk v8.2.4 ?We have an IdP configured to use SSO a... by shangshin Builder in Security 02-14-2022 0 3	0	3
How to search a lookup based on field values of a base search Hello everyone, hope you are all well this afternoon. I am trying to combine 2 searches where the outer search passes... by Allene139 Explorer in Security 02-14-2022 0 2	0	2
How to query to monitor new inputs Hello I want to monitor if user run new search in our environment or created new alert i tried to use this query : ... by sarit_s Communicator in Security 02-14-2022 0 4	0	4
SSL certificate checker issue: How to see all SSL Certificates in the current search? Hi please help here we are using below base search and we need to see all ssl certificates with days left in EST. ind... by pchintha Engager in Security 02-14-2022 0 6	0	6
Splunk certificate issue: Why are we receiving this error? Hi All, We have a requirement to connect to Splunk and send the message logs from the integration flow(Cloud platform... by Caren New Member in Security 02-14-2022 0 0	0	0
UF -> HF SSL Configuration Weirdness Hello, I'm currently working on configuring SSL from a UF sitting on a Windows server to a HF running on RHEL 7. I a... by elaborateGecko Explorer in Security 02-12-2022 0 4	0	4
How to build a search that monitors who accesses a directory on a Linux box Hello, I am very new to Splunk but trying to figure a few things out. I have been tasked with building a search so th... by Durwood Engager in Security 02-09-2022 0 1	0	1
Am I missing any configurations with Splunk forwarder SSL custom certificates? Hi, I have configured my windows forwarder to use the custom CA and Server certificate. Below is the configuration an... by SS1 Path Finder in Security 02-08-2022 0 1	0	1
FIPS kvstore certificate purpose Environment- Single Splunk 7.3.9 search head / indexer with FIPS_MODE=1etc/system/local/server.conf [sslConfig] ssl... by pongey Engager in Security 02-07-2022 1 1	1	1
How to stop all users login into splunk? We are recently migrated to QRadar. So we decide to decommission the splunk. before decommission we need to stop any ... by Naveen99 Engager in Security 02-07-2022 0 2	0	2
Using X509 certificates Dear Support,We use X509 certificates provided by our customer certificate authority, in order to use HTTPS protocol ... by mghaleb Engager in Security 02-04-2022 0 2	0	2
splunk troubleshooting Training Greetings!!Need your advice and opinions on the following points:- What training can I take to master splunk admin tr... by pacifikn Communicator in Security 02-03-2022 0 4	0	4
Splunk Cloud SAML SSO Signature Verification Failure Hi Experts,I'm trying to set up SAML SSO for Splunk Cloud against an external IDP.I've loaded the IDP's SAML metadata... by akermaier New Member in Security 02-03-2022 0 0	0	0
sample data for splunk PCI compliance app Hello All,I am working on building use cases for PCI compliance , Just got to know that splunk has an PCI compliance ... by kannu Communicator in Security 02-03-2022 0 0	0	0