Splunk Enterprise Security

Community Activity
Alkern
Guys need help, We have successfully installed the Splunk AI Assistant application on our Search Head. However, we are...
by Alkern Engager in Splunk Enterprise Security 3 weeks ago
0 4
splunkreal
Hello, is there still Intermediate findings column for findings in analyst queue for Event based detections? Thanks.
by splunkreal Influencer in Splunk Enterprise Security 3 weeks ago
0 5
AceX
Guys I need to collect data and map to CIM for Enterprise Security senhasegura data but I could not find any app or a...
by AceX Loves-to-Learn Lots in Splunk Enterprise Security 4 weeks ago
0 1
cseiler-gmp
Is there a way to bulk update enabled ESCU detections when a new version with a lot of metadata changes like the MITR...
by cseiler-gmp New Member in Splunk Enterprise Security a month ago
0 2
Alkern
Our company is currently using Splunk Enterprise Security, and we would like to ask a question regarding available fe...
by Alkern Engager in Splunk Enterprise Security a month ago
0 1
Wohamed_wakkad
What is the relationship between Splunk accelerated data models stored in the datamodel_summary index and the normal ...
by Wohamed_wakkad Explorer in Splunk Enterprise Security 05-05-2026
0 5
Sherminator
Hello, We have a large number of dashboards and queries in our Splunk instance, and some of those are meant for monit...
by Sherminator Engager in Splunk Enterprise Security 04-30-2026
0 3
0xAli
Hi Everyone, We have integrated Crowdstrike falcon with Splunk and we retrieved the IOC in index=cs_ioc. Using the belo...
by 0xAli Explorer in Splunk Enterprise Security 04-25-2026
0 3
jordanmorgan
Unexpected status for to fetch REST endpoint uri=https://127.0.0.1:8089/services/storage/investigation/investigation?...
by jordanmorgan Observer in Splunk Enterprise Security 04-24-2026
0 1
KevHaze
We are currently in the process of upgrading from ES 7.x to ES 8.x and are performing a data validation/parity checks...
by KevHaze Explorer in Splunk Enterprise Security 04-21-2026
0 3
0xAli
Hi Everyone, I have a clustered SH (Install ES App) + Adhoc search head. I need to know what is the role of the adhoc S...
by 0xAli Explorer in Splunk Enterprise Security 04-17-2026
0 5
dspencer
Hello, I created a new role that is the same as ess_analyst but it doesn't have any inheritance, all the capabilities ...
by dspencer Path Finder in Splunk Enterprise Security 04-10-2026
0 4
lmaclean
Hi, I am having trouble after coming from ES 7.x going through creating what I thought might be a simple Event Based D...
by lmaclean Path Finder in Splunk Enterprise Security 04-09-2026
0 3
akai
Hello, I have created a custom role and assigned the same permissions as ess_user, including adding it to the enforce_e...
by akai Explorer in Splunk Enterprise Security 04-09-2026
0 6
ljvc
Hi there, we're currently migrating to ES 8 and need to see Work Notes (comments) provided by analysts in some dashboa...
by ljvc Path Finder in Splunk Enterprise Security 04-08-2026
0 14
Sky
Hi everyone, I’m seeing a discrepancy with the Risk Modular Alert Action in Splunk ES. When triggering the risk action...
by Sky New Member in Splunk Enterprise Security 04-07-2026
0 1
wrknh
After upgrading my Splunk Enterprise Security environment from 7.3.3 to 8.3.0, I’m seeing the following error on the ...
by wrknh Engager in Splunk Enterprise Security 04-01-2026
0 2
Ian0706
I have recently installed Splunk Enterprise Security v8.4 on a fresh Splunk instance after successfully using v8.2 on...
by Ian0706 Explorer in Splunk Enterprise Security 03-30-2026
0 4
David_Loureiro
Hello, I am facing an issue in Splunk Enterprise 10.0.2 with ES installed when opening Apps > Find More Apps. The page ...
by David_Loureiro Observer in Splunk Enterprise Security 03-29-2026
0 1
openbase
After upgrading from ES 8.1 to ES 8.4, automation rules are no longer functioning. When detections are triggered based...
by openbase Engager in Splunk Enterprise Security 03-27-2026
1 1
tsa
We are observing delayed ingestion of logs from neuvector application, via syslog method 
by tsa New Member in Splunk Enterprise Security 03-19-2026
0 3
sirius2sun
Hi, I am not able to download ES trial for Splunk Enterprise
by sirius2sun New Member in Splunk Enterprise Security 03-13-2026
0 1
christosb
Hello, I am trying to optimize my infrastructure's datamodels. I am following this guide from Lantern: Optimizing data m...
by christosb Loves-to-Learn in Splunk Enterprise Security 03-12-2026
0 3
amimulahasun
Hi everyone, I'm currently working with Splunk Enterprise Security and running into an issue when trying to enable mul...
by amimulahasun Explorer in Splunk Enterprise Security 03-10-2026
0 2
joeharv
Does the Splunk Add-on for ServiceNow support separate endpoint configurations for Automated Alert Actions and the ma...
by joeharv New Member in Splunk Enterprise Security 03-09-2026
0 0