Security

Community Activity

Splunk installed failed to create splunk account on RHEL Dear experts, I installed splunk on the rhel servers. Majority of the time it works fine. But for this one server, wh... by ryu8450 New Member in Security 12-03-2024 0 6	0	6
Synchronizing the passwd file between Splunk servers with a shared splunk.secret My goal is to update the Splunk admin password across newly configured instances using the same password. These serve... by dflodstrom Builder in Security 11-27-2024 0 5	0	5
index Hello I want to see all indexes latest data time. like when did the latest data came to this index. by Siddharthnegi Contributor in Security 11-25-2024 0 1	0	1
Help on Correlation search scheduling Hello,I am currently building correlation searches in ES and I am running into a "searches delayed" issue. some of my... by ajmach343 Explorer in Security 11-25-2024 0 2	0	2
Locked account HI , I have a user let say USER1 , his account is getting locked everyday , I searched his username on splunk and eve... by Siddharthnegi Contributor in Security 11-25-2024 0 2	0	2
Gettting 404 error while trying to create an access token using curl command curl command : curl -k -u admin:Password -X POST http://127.0.0.1:8000/en-US/services/authorization/tokens?output_m... by prashanthvp Engager in Security 11-23-2024 0 2	0	2
Account keeps getting locked out I have an employee who keeps getting locked out. I wanted to know how to put a script in to find out which device is ... by jovnice Path Finder in Security 11-20-2024 0 23	0	23
Dispatch_rest_to_indexers Hi All,I have a question. What exactly 'Dispatch_rest_to_indexers' mean ?I am getting warning when running rest comma... by Poojitha Communicator in Security 11-13-2024 0 5	0	5
Cannot connect master. Hi, Im receiving an error in my CM when I go to input ./splunk edit cluster-config -mode slave -master_uri http://ur... by jan Loves-to-Learn in Security 11-11-2024 0 2	0	2
How to configure Splunk Mgm Port 8089 SSL certificate? Hello, we run an Indexer that functions as deployment server as well. I have already configured it to use our CA-Cert... by dsfyxcasdcertzu Explorer in Security 11-05-2024 0 4	0	4
monitoring workstation domains from active directory We have 500 domain workstations, and we have installed Splunk Universal Forwarders (UF) on the Active Directory serve... by hazem Path Finder in Security 11-04-2024 0 7	0	7
collect DNS logs Hello,How to collect DNS logs from Active Directory where the domain controllers have a DNS role by hazem Path Finder in Security 11-03-2024 0 4	0	4
Parameters must be in the form '-parameter value' error when trying to sign certificate. Does anyone have an idea on why I am returning the following error: Parameters must be in the form '-parameter value'... by CaptainHook Communicator in Security 11-01-2024 0 11	0	11
How to remove users from Splunk registered by SAML? Hi everyone, I need to remover users that leave the company. I´ve already remove them from company AD, but the remain... by Clecimar Explorer in Security 10-29-2024 1 10	1	10
How Do I Remove Old SAML Users? I originally configured my SAML authentication with a NameID that was a GUID. We noticed that they were randomly gene... by brreeves_splunk Splunk Employee in Security 10-28-2024 0 11	0	11
How to investigate high-risk communication to internet using Correlation Search In my environment, palo alto (proxy) logs are being stored into Splunk.I want to know what kind of operation on a ser... by m_tanaka Explorer in Security 10-28-2024 1 4	1	4
Adding drilldown to a notable/Alert Hey.I'm trying to add the "Drilldown" and "Contributing Events" to our Splunk notables.I have added to this parameter... by MOR09 Engager in Security 10-16-2024 1 1	1	1
Admin can't see users with a certain role and we can't take out the "grantableRoles = admin" option Hi, all the splunk gurus out there. Recently we added a new role and we couldn't see the users with the role when lo... by yangban Explorer in Security 10-14-2024 1 7	1	7
Assets and Identities _reload failing Hello! Since 7.3.0 I'm seeing the reload process for assets and identities failing frequently. Any ideas? RROR pid=20... by TiagoTLD3 Engager in Security 10-10-2024 0 1	0	1
Hola, descargue la OVA de Splunt para probarlo, no encuentro credenciales de acceso a la VM Hola, hoy solicito su ayuda, Dado que descargue la VMWARE de Splunt para probarlo y ver el funcionamiento, pero no h... by darwincharle New Member in Security 10-09-2024 0 1	0	1
Unable to search with eval case output Hello Everyone,I have following splunk query, which I am trying to build for dropdown in dashboard. Basically 2 dropd... by super_edition Path Finder in Security 10-07-2024 0 5	0	5
Create HEC token from Linux CLI Hello,Is it possible to create HEC Token from the CLI of Linux host? Any recommendations how to create HEC token fro... by SplunkDash Motivator in Security 10-03-2024 0 3	0	3
CVE-2024-5535 - Openssl 1.0.2zk Vunerability Hi,I can see Splunk is vulnerable to openssl 1.0.2zk, I've applied the latest 9.2.2 on Splunk Enterprise and the Univ... by gschleusener Engager in Security 10-02-2024 1 4	1	4
linux_audit logs My linux_audit logs increased after updating apps and causing license manager to go over limit. Anyone know a fix for... by dude49 Explorer in Security 09-30-2024 0 4	0	4
regular expression Hi i want to extract highlighted partSep 24 10:43:25 10.82.10.245 [S=217] [BID=d57afa:30] RAISE-ALARM:acProxyConnecti... by Siddharthnegi Contributor in Security 09-28-2024 0 2	0	2