Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
AceX
My company is doing SOC for our partners, we integrated two company in our ES we have one site it is not multisite so...
by AceX Engager in Splunk Enterprise Security Friday
0 17
0
17
robertoClaros
Hello all,I have some questions concerning the scheduling of detections.How do the rolling window for alerts work ? D...
by robertoClaros Explorer in Splunk Enterprise Security Wednesday
0 5
0
5
Wohamed_wakkad
If I have a Splunk deployment with two Search Heads (one dedicated to Enterprise Security and one for core Splunk) an...
by Wohamed_wakkad Explorer in Splunk Enterprise Security a week ago
0 3
0
3
adedwiky
Hi everyone,I’m currently troubleshooting an issue in a Splunk Enterprise 10.2.4 environment running Splunk Enterpris...
by adedwiky New Member in Splunk Enterprise Security 2 weeks ago
0 2
0
2
0xAli
Hi,Kindly, we plan to upgrade from the Splunk ES 7.3.4 to the latest 8.5.1.please confirm the upgrade path wil be dir...
by 0xAli Path Finder in Splunk Enterprise Security 3 weeks ago
0 1
0
1
javier_oshiro
Does anybody know when will the AI Agent for ES be available for OnPrem instances?Splunk said that it will be first a...
by javier_oshiro Explorer in Splunk Enterprise Security 4 weeks ago
0 2
0
2
dspencer
After upgrading ESS from 8.2.x to 8.5.1 the teams queue is blank. It just shows "Queues" and the rest is empty.New te...
by dspencer Path Finder in Splunk Enterprise Security 4 weeks ago
0 1
0
1
shenglc
HelloI'm experiencing an issue with Automation Rules in Splunk Enterprise Security (8.5.1). Sometimes I'm able to add...
by shenglc New Member in Splunk Enterprise Security 4 weeks ago
0 1
0
1
Splunkerai
we just want to  monitor one page dashboard for ES as well data source gap and SOC metrics if any one have any sample...
by Splunkerai New Member in Splunk Enterprise Security 06-10-2026
0 0
0
0
Alkern
Guys need help,We have successfully installed the Splunk AI Assistant application on our Search Head. However, we are...
by Alkern Engager in Splunk Enterprise Security 05-21-2026
0 4
0
4
splunkreal
Hello, us there still Intermediate findings column for findings in analyst queue for Event based detections?Thanks.
by splunkreal Influencer in Splunk Enterprise Security 05-18-2026
0 5
0
5
AceX
Guys I need to collect data and map to CIM for Enterprise Security senhasegura data but I could not find any app or a...
by AceX Engager in Splunk Enterprise Security 05-13-2026
0 1
0
1
cseiler-gmp
Is there a way to bulk update enabled ESCU detections when a new version with a lot of metadata changes like the MITR...
by cseiler-gmp New Member in Splunk Enterprise Security 05-11-2026
0 2
0
2
Alkern
Our company is currently using Splunk Enterprise Security, and we would like to ask a question regarding available fe...
by Alkern Engager in Splunk Enterprise Security 05-11-2026
0 1
0
1
Wohamed_wakkad
What is the relationship between Splunk accelerated data models stored in the datamodel_summary index and the normal ...
by Wohamed_wakkad Explorer in Splunk Enterprise Security 05-05-2026
0 5
0
5
Sherminator
Hello, We have a large number of dashboards and queries in our Splunk instance, and some of those are meant for monit...
by Sherminator Engager in Splunk Enterprise Security 04-30-2026
0 3
0
3
0xAli
Hi Everyone,We have integrated Crowdstrike falcon with splunk and we retrieved the IOC in index=cs_ioc.Using the belo...
by 0xAli Path Finder in Splunk Enterprise Security 04-25-2026
0 3
0
3
jordanmorgan
Unexpected status for to fetch REST endpoint uri=https://127.0.0.1:8089/services/storage/investigation/investigation?...
by jordanmorgan Observer in Splunk Enterprise Security 04-24-2026
0 1
0
1
KevHaze
We are currently in the process of upgrading from ES 7.x to ES 8.x and are performing a data validation/parity checks...
by KevHaze Explorer in Splunk Enterprise Security 04-21-2026
0 3
0
3
0xAli
Hi Everyone,I have a clustered SH (Install ES App) + Adhoc search head.I need to know what is the role of the adhoc S...
by 0xAli Path Finder in Splunk Enterprise Security 04-17-2026
0 5
0
5
dspencer
Hello,I created a new role that is the same as ess_analyst but it doesn't have any inheritance, all the capabilities ...
by dspencer Path Finder in Splunk Enterprise Security 04-10-2026
0 4
0
4
lmaclean
Hi,I am having trouble after coming from ES 7.x going through creating what I thought might be a simple Event Based D...
by lmaclean Path Finder in Splunk Enterprise Security 04-09-2026
0 3
0
3
akai
Hello,I have create a custom role and assigned the same permissions as ess_user, including adding it to the enforce_e...
by akai Explorer in Splunk Enterprise Security 04-09-2026
0 6
0
6
ljvc
Hi there,we're currently migrating to ES 8 and need to see Work Notes (comments) provided by analysts in some dashboa...
by ljvc Path Finder in Splunk Enterprise Security 04-08-2026
0 14
0
14
Sky
Hi everyone,I’m seeing a discrepancy with the Risk Modular Alert Action in Splunk ES. When triggering the risk action...
by Sky New Member in Splunk Enterprise Security 04-07-2026
0 1
0
1
Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...