Security

Discussions

Thread Info

Why is the Netflow stream not listening on the defined port?

I'm struggling to get the Splunk Stream Forwarder to listen on the port that I have configured to receive sFlow packe...

by New Member in

How to mask a bank detail from JSON logs

Hi, We are ingesting some logs into splunk in JSON format, the logs are ingested via TA. The value field in the b...

by Builder in

All Index logs display by Stats by Date

Hello All, Need an search query where i can see all the index logs by |stats by count, date, index. Tried the below...

by Explorer in

Limit access to index by Role without breaking other roles

I have user A that is getting 3 different roles. Normally this isn't an issue, but one of those roles has a restricte...

by Contributor in

Splunk Alert on specific phrase

I have an alert set up to run every hour to look for any latency of :45 minutes. If over that send a "Please Investig...

by Path Finder in

Splunk port issue

Hello SPlunkers!! I have upgraded my HF from 8.0.0 to 8.1.2, while upgradation everything is working fine. But the ...

by Communicator in

How do I get the current logged in username in Splunk?

How do I get the current username from Splunk? Por exemplo, eu entrei como Obama, dai queria resgatar o nome Obama. (...

by Path Finder in

Accidently removed permissions from only admin account

Hello, I recently messed up the permissions for the only account in my testing environment instance. I no longer have...

by Explorer in

Using an HTTP Event Collector, How do I enable SSL certificate validation using Splunk logging for .net?

Splunk logging for .NET can't connect to my Splunk enterprise using Http Event Collector. Other than disable SSL, How...

by Engager in

AzureAD SSO - Reply URL does not match

I am trying to set up SSO with Splunk and AzureAD. I have used these guides: https://docs.splunk.com/Documentation/Sp...

by Engager in

Update BindDNpassword on deployer in authentication.conf

Hello guys, how to correctly update and deploy new LDAP password please, is procedure below accurate? update bindD...

by Motivator in

HEC _raw sourcetype

Hi, I have a raw HEC set up as follows (no sourcetype set): [http://aiwa_request_input] disabled = 0 index = te...

by New Member in

Adding new email address to Splunk Profile

I need to add my company email address to my SplunK profile. The current profile only consists my personal email addr...

by New Member in

Need to setup splunk lab in vm

Hi,Can anyone guide me to setup Splunk lab in VM. I am very much passionate to learn splunk. but getting failed in se...

by Observer in

Cron Expression for scheduled Alert

Hi Please help me to build cron expression. thanks in advance Alert runs Every 15min from 8am to 18pm, EverydayA...

by Path Finder in

Storing encrypted credentials and retrieving them

So I've been looking at this blog post from 10 years ago: https://www.splunk.com/en_us/blog/security/storing-encryp...

by Engager in

Zoom Logging - Firewall Question

Hi, I'm following the zoom logging instructions and have everything configured. I'm ready to put in the exception fo...

by Path Finder in

Data Model Authentication sucessful splunk query alerts

Please I need help with a detailed splunk Data accelerated data model authentication query for sucessful login aler...

by Path Finder in

Inadvertently edited 4000+ ES notable events - please help me undo them

Hello folks! That is my first post here and I hope you guys help me with my issue. I have inadvertently selected ...

by Explorer in

Permissions to delete searches in Splunk 6.1.1

Recently we upgraded to 6.1.1 and I've noticed that users with admin access no longer can delete searches. What permi...

by Path Finder in

Top Labels

access control 94
audit 43
authentication 112
encryption 41
LDAP 34
login 65
Other 193
permissions 72
SAML 29
SSL 89
SSO 31

Get Updates on the Splunk Community!

Security

Discussions

Why is the Netflow stream not listening on the defined port?

How to mask a bank detail from JSON logs

All Index logs display by Stats by Date

Limit access to index by Role without breaking other roles

Splunk Alert on specific phrase

Splunk port issue

How do I get the current logged in username in Splunk?

Accidently removed permissions from only admin account

Using an HTTP Event Collector, How do I enable SSL certificate validation using Splunk logging for .net?

AzureAD SSO - Reply URL does not match

Update BindDNpassword on deployer in authentication.conf

HEC _raw sourcetype

Adding new email address to Splunk Profile

Need to setup splunk lab in vm

Cron Expression for scheduled Alert

Storing encrypted credentials and retrieving them

Zoom Logging - Firewall Question

Data Model Authentication sucessful splunk query alerts

Inadvertently edited 4000+ ES notable events - please help me undo them

Permissions to delete searches in Splunk 6.1.1

This dashboard view is deprecated and will be removed in future versions of Splunk ...

How to ingest a selection of JSON fields

Why getting timeout error while adding data to the Splunk cloud index from REST API?

Where I can request an annual application security...

Keycloak SAML configuration shows an invalid reque...

SAML Failed to parse issuer

Why are Splunk and Azure logons not being recorded...

Why is InfoSec App Not Displaying Correct Active D...