Splunk Enterprise Security

Thread Info

Anatomy of a Successful Migration with Pizza Hut

by Splunk Employee in

How do I open a support case when one of the required fields is not available to change?

Support Portal is broke and I am unable to submit a case due to one of the required fields being unable to select (se...

by Engager in

Has anyone used finding-based detection on ES 8.0 (On-Prem)?

I am trying to create a new finding-based detection to group findings together when the risk score exceeds a threshol...

by Explorer in

Can Splunk read a CSV file and automatically upload it as a lookup?

Can Splunk read a CSV file located on a remote server using a forwarder and automatically upload it as a lookup?what ...

by Loves-to-Learn Lots in

Receiving blocked=true while syslog/heavy forwarder trying to send data through indexer servers

Hi All, I have 4 Heavy forwarder servers sending data through 5 indexers server1 acts as syslog server whi...

by Path Finder in

Hide specific notables from IR (Incident review) in ES

Hello, we would like to filter ES incident review and hide notables with TEST keyword by example, how to do? Thanks f...

by Motivator in

Upgrade to ES8 - Investigations are not shown in MissionControl

Hi We upgraded our ES7 to ES8 onprem and are testing it. We currently have the issue, that the created invest...

by Engager in

Unknown users reported in Authetication datamodel

We have an alert showing users that are authenticating after working hours for security reasons, I'm sure y'all famil...

by Observer in

Access Finding/Investigation notes in ES 8

Hi there, we're currently migrating to ES 8 and need to see Work Notes (comments) provided by analysts in some dash...

by Explorer in

Changing the severity level of a notable ARAs event of a correlation search

Hello, I've recently encountered a problem with the severity level within the ARAs, my current severity level for thi...

by Path Finder in

ES Content Updates for Critical Infrastructure

Good day. I work in a heavily regulated critical infrastructure environment. Our compliance change management require...

by Engager in

Change color table on treshold field

Hello, I'm having a problem with the colouring of a column in my table. I need to colour the AverageExecutionTime c...

by Path Finder in

Calculate MTTA for an analyst

Hello everyone, I need help with determining the time needed from an analyst to investigate the alert and clos...

by New Member in

ES v8.x on cloud Investigations API

All,We are investigating a move from v7 to v8. We currently rely heavily on the Investigation API however per the...

by Engager in

Splunk enterprise certified admin

Hi Folks, Can anyone suggest or help me out on how to get prep for Splunk administration certification course and w...

by Explorer in

Anatomy of a Successful Migration with Pizza Hut

by Splunk Employee in

Enterprise security app

Hello, I am currently working on configuring Splunk Enterprise Security app, I already have data flowing into Splun...

by Communicator in

host value to be picked from the source log file

in regex101.com, tested below REGEX it was working Updated below props.conf and transforms.conf in deployment serve...

by Path Finder in

Searching Notable Events via ShortID

Hi all, Since the redesign of the new Incident Review page, we appear to have lost the ability to search for Notables...

by Engager in

How can we search the notables using short id as filter in incident dashboard on Splunk ES?

Hi All, I am using Splunk ES. We create short Ids for notables. How can we search the notables using short id as ...

by Path Finder in

Create monthly report about notables from Enterprise Security

I'm trying to create a report that includes the following information and want to schedule it to run monthly. I need ...

by Path Finder in

Listing all knowledge objects enabled in Splunk ES

Is there a search query to give the list of all the knowledge objects that are enabled in ES , i want to have list of...

by Path Finder in

Rest API for Notable Suppression

Is there a rest api available for Notable Suppression ? to get the suppresssion details and modify them via rest api

by Explorer in

Find Latency in Days

I have a splunk where one of the eval method as part of main splunk query is as below.Iam not sure why SnapshotTimest...

by Explorer in

Splunk ES: Failed to update finding: cannot redirect an already redirected call

Greetings. We are currently using Splunk ES (on-prem) 7.3.3, I updated Splunk to version 9.4.1. Since the upgrade w...

by Loves-to-Learn in

Splunk ES 8.0.2 missing drill down

After a recent upgrade to Splunk ES 8.0.2, we have observed that none of the drill downs for detection based searches...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

Anatomy of a Successful Migration with Pizza Hut

How do I open a support case when one of the required fields is not available to change?

Has anyone used finding-based detection on ES 8.0 (On-Prem)?

Can Splunk read a CSV file and automatically upload it as a lookup?

Receiving blocked=true while syslog/heavy forwarder trying to send data through indexer servers

Hide specific notables from IR (Incident review) in ES

Upgrade to ES8 - Investigations are not shown in MissionControl

Unknown users reported in Authetication datamodel

Access Finding/Investigation notes in ES 8

Changing the severity level of a notable ARAs event of a correlation search

ES Content Updates for Critical Infrastructure

Change color table on treshold field

Calculate MTTA for an analyst

ES v8.x on cloud Investigations API

Splunk enterprise certified admin

Anatomy of a Successful Migration with Pizza Hut

Enterprise security app

host value to be picked from the source log file

Searching Notable Events via ShortID

How can we search the notables using short id as filter in incident dashboard on Splunk ES?

Create monthly report about notables from Enterprise Security

Listing all knowledge objects enabled in Splunk ES

Rest API for Notable Suppression

Find Latency in Days

Splunk ES: Failed to update finding: cannot redirect an already redirected call

Splunk ES 8.0.2 missing drill down

Introducing the Splunk Developer Program!

Splunkbase Year in Review 2024

Developer Spotlight with Brett Adams

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions