Splunk Enterprise Security

Community Activity
aydinmo
Hello Splunkers, I'm encountering an issue with data model acceleration in my ES instance. A few weeks ago, I enabled...
by aydinmo Explorer in Splunk Enterprise Security 04-01-2024
0 2
regarza
Is there currently a capability in Splunk that will allow us to search and compare the previous version of an input look...
by regarza Engager in Splunk Enterprise Security 03-30-2024
0 3
ezmo1982
Hi, Notable events in ES can now be assigned Dispositions. I am able to create new Dispositions from the Incident Revi...
by ezmo1982 Path Finder in Splunk Enterprise Security 03-29-2024
1 6
dood9999
I am looking for help with Splunk configurations that the documentation does not seem to provide and cannot be found...
by dood9999 Explorer in Splunk Enterprise Security 03-27-2024
0 2
justinw
I am currently in the process of creating an adaptive response that I want to be able to add some user input into a l...
by justinw Explorer in Splunk Enterprise Security 03-27-2024
0 1
aelliott
Does Splunk ES Support IPV6? I've seen some posts that others have had issues with ipv6 assets within the asset looku...
by aelliott Motivator in Splunk Enterprise Security 03-08-2024
1 3
LIP
Hello, we have multiple people working on the content in Splunk Enterprise Security, and I need to be able to find when...
by LIP Loves-to-Learn in Splunk Enterprise Security 03-06-2024
0 10
cmeisch
I want to create a default search filter for ALL users that go into ES Incident Review. You can create a new filter ...
by cmeisch Path Finder in Splunk Enterprise Security 03-04-2024
0 6
AL3Z
Hi, Could anyone please help me in fine tuning this search as it is raising a lot of alerts | tstats count min(_time) as ...
by AL3Z Builder in Splunk Enterprise Security 02-27-2024
0 5
AL3Z
Hi, Could anyone pls guide me how we can detect an attacker moving laterally in the environment can be a challenge rig...
by AL3Z Builder in Splunk Enterprise Security 02-21-2024
0 2
milesbrennan
I'm using the Service-Now application to build some lookup tables for user and asset information, which is needed for...
by milesbrennan Path Finder in Splunk Enterprise Security 02-21-2024
1 3
mr_t2083
How do I get my Incident Review in ES to auto refresh, without having to manually auto refresh it from the browser?
by mr_t2083 Explorer in Splunk Enterprise Security 02-15-2024
1 8
DRWhite1
Hello, How do I obtain an NFR license (or the like)? We have integrations with Splunk but no way to test/evaluate th...
by DRWhite1 New Member in Splunk Enterprise Security 02-13-2024
0 2
tomapatan
Hi Everyone, We've created a new TA to get data in from an API - this was done on the HF and the data is being sent to...
by tomapatan Contributor in Splunk Enterprise Security 02-09-2024
0 1
jamesbanday
Why can't I see data on Splunk ES Non-corporate Web Uploads? When I click on the user, I get mariangelie.rodriguez...
by jamesbanday New Member in Splunk Enterprise Security 02-08-2024
0 1
syazwani
Hi peeps, We were fine tuning the Notable Event, and there were fields that were not showing any values. Those fields...
by syazwani Path Finder in Splunk Enterprise Security 02-08-2024
0 3
navarec
Hi All, The data checkpoint file for windows logs is taking up a lot of disk space (over 100 GB). Where can I check the...
by navarec Explorer in Splunk Enterprise Security 02-07-2024
1 0
danielbb
We wonder what the identity, Asset, File and URL Extraction fields are in the Notable set-up of the correlation searc...
by danielbb Motivator in Splunk Enterprise Security 02-07-2024
0 3
AL3Z
Hi all, In my AD computer account deletion correlation search, I use _time and subjectusername in throttling fields fo...
by AL3Z Builder in Splunk Enterprise Security 02-05-2024
0 3
AL3Z
Hi, I would like to know about the triggered notable events from CS without accessing the incident review dashboard, a...
by AL3Z Builder in Splunk Enterprise Security 02-03-2024
0 1
Haleb
I need to calculate the average number of events in the last hour and compare it with the number of events in the las...
by Haleb Path Finder in Splunk Enterprise Security 02-02-2024
0 1
dood9999
Having issues with fetching investigations in incident review. Investigation is added for the alert but when accessing...
by dood9999 Explorer in Splunk Enterprise Security 02-01-2024
1 0
smithahc1966
I am looking for a query to list out CrowdStrike Agent versions installed. What is the latest version, are the client...
by smithahc1966 New Member in Splunk Enterprise Security 01-30-2024
0 1
gbam
I'm looking to close out (or delete) all notable events that were created prior to a specific date time. The way the...
by gbam Explorer in Splunk Enterprise Security 01-28-2024
0 1
SamHTexas
What health check items would you configure for Ent. Security app. for general purpose of for Security watch purposes...
by SamHTexas Builder in Splunk Enterprise Security 01-27-2024
0 2