Security

Discussions

Thread Info

Login connections made to splunk

I would like to fetch No. of logins on Splunk (how frequently my splunk is being accessed). It is basically, how many...

by Path Finder in

Splunk Certificates renewal

Hi Team, We have distributed environment with Search Heads and Indexers clustered and running on 6.5.2 version. We...

by Explorer in

SSL Error while connecting forwarder to Indexer

Hello, I am trying to connect Splunk Forwarder 6.3.3 to Indexer 6.6.3. I am getting the below error while using s...

by Builder in

Splunk not taking updated certificate (SSL)

Hi, The search head cluster uses our own certificates which are going to expire soon. So in order to update the ce...

by Builder in

How do I improve ldapsearch performance

My environment: Splunk Supporting Add-on for Active Directory 2.1.1 Splunk Enterprise 6.3.1 Running on Linux Cento...

by Communicator in

Splunk failed to connect to LDAP via port 636

I tried to configure Splunk to connect to Windows 2012R2 LDAP with SSL via port 636 but failed with below command. ...

by Splunk Employee in

How SPLUNK authenticate with IBM TAM WebSEAL

Hi, We will use TAM WebSEAL to authenticate logon splunk, can someone share such experience or documents? thank...

by New Member in

Question about "run as" (Owner or User ) for saved searches. Missing in version 7.

It looks like as of version 7, the user is no longer able to edit this setting (Run as Owner vs User). It has moved t...

by Champion in

Hello 2019: Best options for non Enterprise Security users for threat intelligence?

We're a small SOC team and looking to integrate threat intel matching into our Splunk deployment. We know ES does thi...

by New Member in

Why i'm getting this error???

couldn't run "/root/splunk/bin/splunkd" "btool": Permission denied couldn't run "/root/splunk/bin/splunkd" "btool": P...

by New Member in

When setting up load balancing, what directory do I place a new .html file on search heads?

Setting up load balancing (Netscaler) and being asked to set up a new HTML file to be used as a "health check" page. ...

by Communicator in

Permission issues while accessing kvstore lookup s

Hi Splunkers, I am trying to restrict permissions to role/user. I have created a new role not inherited from an...

by Motivator in

Does SplunkBase Vet apps for Security issues before publishing?

This is a generic question and my apologies if it has already been published somewhere, but I could not glean from my...

by Explorer in

Splunk Forwarder SSL unsupported certificate purpose?

Running Splunk 6.5.2 & 6.5.3, We just re-rolled our PKI using Microsoft's Certificate Services, with a RootCA, Pol...

by Explorer in

Not able to find users from Splunk UI ????

Hi All, We have Created Role with name "Pulsenewuser" with the capabilities (edituser,editroles,editrolesgrantable...

by Builder in

Preserve source hostname with f5 and rsyslog

We are in the process of using two syslog servers to collect network data. We have an F5 that we use to load balance ...

by Explorer in

Why are our LDAP logins getting assigned to the admin role?

Hi, I have been trying to debug this for over a month now. Also checked with other Splunk experts who are also stu...

by Explorer in

How do I find the bandwidth usage per user in my firewall logs?

i want to know the bandwidth usage per user in my firewall logs. Can you tell me how to search my firewall logs: ...

by Explorer in

How do I renew an expired Splunk Certificate?

We have a distributed Splunk environment and the certificate for Splunk API in port tcp/8089 on the search head has e...

by Splunk Employee in

SAML SSO w/Okta - "...response does not contain group information"

Hi there, I've just followed the documentation/Splunk guide to set up Okta SSO with SAML, however when clicking on th...

by Explorer in

Security

Discussions

Login connections made to splunk

Splunk Certificates renewal

SSL Error while connecting forwarder to Indexer

Splunk not taking updated certificate (SSL)

How do I improve ldapsearch performance

Splunk failed to connect to LDAP via port 636

How SPLUNK authenticate with IBM TAM WebSEAL

Question about "run as" (Owner or User ) for saved searches. Missing in version 7.

Hello 2019: Best options for non Enterprise Security users for threat intelligence?

Why i'm getting this error???

When setting up load balancing, what directory do I place a new .html file on search heads?

Permission issues while accessing kvstore lookup s

Does SplunkBase Vet apps for Security issues before publishing?

Splunk Forwarder SSL unsupported certificate purpose?

Not able to find users from Splunk UI ????

Preserve source hostname with f5 and rsyslog

Why are our LDAP logins getting assigned to the admin role?

How do I find the bandwidth usage per user in my firewall logs?

How do I renew an expired Splunk Certificate?

SAML SSO w/Okta - "...response does not contain group information"

Undefined user in splunk http://localhost:8000/en-...

What is the process of getting an app fedRAMP vali...

AWS CloudTrial events - searching on specific AWS ...

Which member to remove user folder from when remov...

Create a read only lookup table