Splunk Enterprise Security

Community Activity
dkolekar_splunk
In the Splunk incident review dashboard, when the customer is clicking on the submit button, they can see the event c...
by dkolekar_splunk Splunk Employee in Splunk Enterprise Security 11-30-2018
1 1
HealyManTech
I have a couple searches that trigger in Incident Review and I want to group them up by count. And then let the drill...
by HealyManTech Explorer in Splunk Enterprise Security 11-29-2018
1 3
neely_hpe
I am looking to take the default datamodel search -- | tstats summariesonly max(_time) as lastTime from datamodel=M...
by neely_hpe New Member in Splunk Enterprise Security 11-27-2018
0 1
ee07b291
Splunk Enterprise Version: 7.1.2 Enterprise Security Version: 5.1.0 Build: 12 When testing our AR action addon in e...
by ee07b291 Explorer in Splunk Enterprise Security 11-27-2018
0 5
qbolbk59
In my environment, I have configured authentication on Splunk via SAML in our organization. There's one user which is...
by qbolbk59 Path Finder in Splunk Enterprise Security 11-26-2018
0 0
pl1280
I just installed Splunk Enterprise 7.2.0, which shows that it is a supported platform for Enterprise Security 5.11. ...
by pl1280 New Member in Splunk Enterprise Security 11-26-2018
0 1
theslobb
I have a search that monitors alerts created by an IDS. I have begun going through the triggered alerts to suppress t...
by theslobb Explorer in Splunk Enterprise Security 11-21-2018
2 13
jdobbins_2
I have a simple search alert such as (index=A src_user=userA) which uses lookup tables to filter data. I'd like these...
by jdobbins_2 New Member in Splunk Enterprise Security 11-21-2018
0 1
Crashfry
So this post is more of a question in relation to how people have gained knowledge of using Splunk Enterprise as well...
by Crashfry Path Finder in Splunk Enterprise Security 11-21-2018
0 10
shiv1593
Hi All, This is a two fold question. Specs: Splunk Enterprise Security Version 6.6.1 Problem 1: I'm trying to disa...
by shiv1593 Communicator in Splunk Enterprise Security 11-20-2018
0 3
mahe90
Hi, SSE use case maps to the MITRE ATT&CK tactics. As we can see from MITRE ATT&CK, each tactic has various techni...
by mahe90 Explorer in Splunk Enterprise Security 11-20-2018
1 0
christopherr_sp
Splunk Enterprise is migrated from 6.5.3 to 7.1.2 and also Splunk Enterprise Security App has been upgraded from 4.7...
by christopherr_sp Splunk Employee in Splunk Enterprise Security 11-20-2018
1 1
yemyslf
I'm trying to automate a search using the REST API to provide a list of events that occur x seconds before and after ...
by yemyslf Path Finder in Splunk Enterprise Security 11-19-2018
0 2
chrisschum
So I'm having a strange issue that I'm hoping someone can help me with. I have a pie chart with two goals: 1. Show t...
by chrisschum Path Finder in Splunk Enterprise Security 11-19-2018
1 8
KumarGB
Hey Guys, Could anyone suggest me a query for the below scenario. I need a Splunk query to show the list of enabled...
by KumarGB Explorer in Splunk Enterprise Security 11-18-2018
0 4
N1cuCom
In my Splunk Enterprise sandbox (cloud evaluation), I cannot find the Splunk Add-on Builder app in the Apps > Browse ...
by N1cuCom Explorer in Splunk Enterprise Security 11-16-2018
0 1
obyazov
Hello, I'm trying to export a Data Model from Splunk Free to Phantom using Phantom App. After configuring the necess...
by obyazov New Member in Splunk Enterprise Security 11-15-2018
0 2
GenericSplunkUs
Hello All, We've been expanding what gets into Splunk and have added Perfmon data. I'm looking for some documentatio...
by GenericSplunkUs Path Finder in Splunk Enterprise Security 11-15-2018
0 0
ejwade
I need to create a multivalue field using a single eval function. I'm using Splunk Enterprise Security and a number...
by ejwade Contributor in Splunk Enterprise Security 11-14-2018
2 7
graju89
Hi all, I am new to Splunk. I have installed Splunk ESS(5.2) on search head. Splunk environment has one search head ...
by graju89 Path Finder in Splunk Enterprise Security 11-13-2018
0 5
shayvd
Hi, We have an enterprise version of Splunk and are running numerous instances of Splunk with LicenceMaster. We have o...
by shayvd New Member in Splunk Enterprise Security 11-13-2018
0 5
nagaraju_chitta
2018-09-28 14:33:23,Virus found,IP Address: 127.0.0.1,csk name: abcd012018-09-25T09:07:02.240377+00:00 0.0.0.0 Sep 25...
by nagaraju_chitta Path Finder in Splunk Enterprise Security 11-13-2018
0 2
mwdbhyat
Hi there, Is the ES health audit upgrade, "unshipped" section entirely accurate? Asking as there have been multiple ...
by mwdbhyat Builder in Splunk Enterprise Security 11-09-2018
0 0
kokanne
I want to use inputlookup to search only a certain set of hosts. These are in a .csv file. I have the query and it's ...
by kokanne Communicator in Splunk Enterprise Security 11-09-2018
0 1
SunilMaharishi
Hello Team, we have some managers whom I gave access with ess_user role so that they can view dashboards and panel ...
by SunilMaharishi Path Finder in Splunk Enterprise Security 11-08-2018
1 0