Splunk Enterprise Security

Discussions

Thread Info

Rest API for Notable Suppression

Is there a rest api available for Notable Suppression ? to get the suppresssion details and modify them via rest api

by Explorer in

Listing all knowledge objects enabled in Splunk ES

Is there a search query to give the list of all the knowledge objects that are enabled in ES , i want to have list of...

by Path Finder in

Find Latency in Days

I have a splunk where one of the eval method as part of main splunk query is as below.Iam not sure why SnapshotTimest...

by Explorer in

Splunk ES: Failed to update finding: cannot redirect an already redirected call

Greetings. We are currently using Splunk ES (on-prem) 7.3.3, I updated Splunk to version 9.4.1. Since the upgrade w...

by Loves-to-Learn in

Splunk ES 8.0.2 missing drill down

After a recent upgrade to Splunk ES 8.0.2, we have observed that none of the drill downs for detection based searches...

by Explorer in

One lookup different error

I have a lookuop that have domain names, I am already using this lookup in a search and its working fine, now I am tr...

by Communicator in

Spkunk ES security search results

Hi, there are some security saved search and key indicator in ES, if I activate these searches, if they trigger, in ...

by Explorer in

help spl query

Hello, I need some help for a query. I have to do this : At the moment I haven't managed to get exactly w...

by Path Finder in

Splunk Application cannot load script with Splunk Enterprise Security enabled

I maintain IPinfo's Splunk App: https://splunkbase.splunk.com/app/4070 Our customers have recently reported that ou...

by Engager in

Cannot read properties of undefined (reading 'map')

i having some issues to populate the traffic center dashboard in splunk ES. It's showing as "Cannot read properties o...

by New Member in

migration

Hello recently I moved ES app from one sh to another non clustered sh . after that this error is comingError in 'Data...

by Path Finder in

migration

Recently I migrated ES from one SH to another non cluther SH . this error was popping in the panel of ES appError in ...

by Path Finder in

Macro

Hi I have this search| `es_notable_events` | search timeDiff_type=current | timechart minspan=30m sum(count) as count...

by Path Finder in

ES Notable Security Domain Issue

Hello Everyone, Currently I am using ES 7.1.0 version. Recently but not sure exactly when, Maintenance team upg...

by New Member in

migration

Hello recently I moved ES app from one sh to another non clustered sh . after that this error is comingError in 'Disp...

by Path Finder in

Splunk ES Incident Creation

In Securonix's SIEM, we can manually create cases through Spotter by generating an alert and then transferring those ...

by Explorer in

advhunt custom Command

Our Security partners at work recently determined that their analyst need the ability to run the custom command: advh...

by New Member in

Monitoring Sync Status between MISP42 and ES instance

Hi guys, I am looking to build a query/dashboard that would monitor the status of the connection of the splunk ...

by Explorer in

ES why is there a difference in count of Notable alerts vs events in notable index ?

Hello, Hello, we are on ES 7.3.2. We are noticing there is difference in count of Notable alerts visible under "Inc...

by Explorer in

How to capture the whole lines where keyword matches using props.conf and transforms.conf

Feb 3 11:10:15 server-server-server-server systemd[1]: Removed slice User Slice of UID 0. Feb 3 04:14:23 server-ser...

by Path Finder in

Kv store feature compatibility failed

kvstore featurecompatiability shows an error occured during the last operation ( ‘ get parameter’) domain 15 code 130...

by Loves-to-Learn Lots in