Splunk Enterprise Security

Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
jeremy_fade

In Splunk Enterprise Security, how do you search for matching events between two groups of IP addresses?

I am trying to search for events that contain one IP from each of the two groups of IP addresses. For instance: inde...
by jeremy_fade New Member in Splunk Enterprise Security 10-28-2018
0 3
0
3
kylemain

How do I use regex to select a string between two colons?

I have a field (myfield) whose values are as follows: "0051: IP: Source IP Address Spoofed (Impossible Packet)" 52...
by kylemain New Member in Splunk Enterprise Security 10-26-2018
0 5
0
5
graju89

How come my Splunk Enterprise security set up has failed?

Hi all, I tried to install a new version of Splunk Enterprise Security. But the set up failed with the error Insta...
by graju89 Path Finder in Splunk Enterprise Security 10-26-2018
0 2
0
2
jswilmoth

CEF Files on Syslog-NG with Universal Forwarder

We use Websense in the Cloud, and their method for retrieving log files is to use a perl script which pulls down the ...
by jswilmoth Engager in Splunk Enterprise Security 10-26-2018
0 1
0
1
chinuakatchy

How do I configure Splunk to monitor network traffic on Juniper devices?

Hello. I want to monitor the network traffic in my Company using Splunk. I have configured Splunk to read syslog t...
by chinuakatchy Explorer in Splunk Enterprise Security 10-25-2018
1 5
1
5
sateeshpawar

How do you encrypt and decrypt whole event data within Splunk?

Hello, I have to Encrypt and Decrypt whole event data within Splunk. **Encrypt -** Our application logs and d...
by sateeshpawar New Member in Splunk Enterprise Security 10-24-2018
0 1
0
1
DSMcL

Multivalue Text Input Fields

I have been struggling to get a multivalue text input field to work. Originally, I had tried this approach: index=<...
by DSMcL New Member in Splunk Enterprise Security 10-23-2018
0 3
0
3
inkachaves

Need Support with Splunk Core Power certification.

NO SUPPORT Provided to me for my power user certification, I only get case numbers but no reply on the same. i am rea...
by inkachaves New Member in Splunk Enterprise Security 10-22-2018
0 0
0
0
evinasco

How can i do a Future Proof for the indexing?

somebody know, how can i do a Future Proof for the indexing? I need to execute an analysis about the growth of index...
by evinasco Communicator in Splunk Enterprise Security 10-22-2018
0 4
0
4
ahmedsamirsa

Is Layer 7 FLow supported by Splunk stream?

I would like to know if Splunk is capable of collecting Layer 7 flow to identify applications by Splunk stream or by ...
by ahmedsamirsa New Member in Splunk Enterprise Security 10-18-2018
0 1
0
1
LukeMurphey

Why won't SplunkWeb start after ES was upgraded?

I upgraded ES to version 5.0.0 but SplunkWeb now won't start. I see error messages like this: 2018-02-20 19:13:50,77...
by LukeMurphey Champion in Splunk Enterprise Security 10-18-2018
2 3
2
3
aquino0

Training Credits Report

Union Bank has training credits and I need to find a report that will show me how many training credits I have availa...
by aquino0 New Member in Splunk Enterprise Security 10-18-2018
0 0
0
0
kunalg

How to differentiate between default reports/dashboards/alerts provided by splunk and one which is modified/customized/created by any user?

I need to export all reports/dashboards created/modified by 7 users (including admin's modified and excluding admin's...
by kunalg Observer in Splunk Enterprise Security 10-18-2018
0 1
0
1
kartreddy4

Error regarding Checkpoint OPSEC LEA

I have installed the splunk Add-on on the Heavyforwarders and when trying to establishing the connection over TCP 181...
by kartreddy4 New Member in Splunk Enterprise Security 10-17-2018
0 2
0
2
Gopi_universal

Is there an alternate app available for SCCM since SCCM App for Splunk is not compatible with 6.4?

We are planning to upgrade our Splunk core from 6.2.2 to 6.4.x and Enterprise Security App as well which has dependen...
by Gopi_universal Engager in Splunk Enterprise Security 10-17-2018
1 7
1
7
ramesh_babu71

How do you access notable event IDs from adaptive response Python code?

Hi, I have a few adaptive responses (AR) which are tagged to run on correlation rule triggering. These Adaptive resp...
by ramesh_babu71 Path Finder in Splunk Enterprise Security 10-17-2018
0 1
0
1
Meena_0627

Palo Alto Adaptive Response from Enterprise Security

Hi, https://answers.splunk.com/answers/589237/splunk-enterprise-security-adaptive-response-actio.html So this is th...
by Meena_0627 New Member in Splunk Enterprise Security 10-17-2018
0 2
0
2
clozach

Can you help me assess the needs of a Splunk environment that lacks proper documentation?

Let's say you get a new job where you'll be working with Splunk. When you come in, you come to realize many aspects o...
by clozach Path Finder in Splunk Enterprise Security 10-17-2018
0 1
0
1
coreylehman

After upgrading from Splunk Enterprise Security 5.1, why am I getting the following error message?

We have two search heads. One of them is a deployment server containing mostly apps and the other is dedicated to Ent...
by coreylehman Engager in Splunk Enterprise Security 10-16-2018
0 1
0
1
cody_richardson

Is the GuardDuty Add-On supported on Splunk Version 7.2?

Is the GuardDuty Add-on officially supported on Splunk version 7.2? If not, are there plans to update it so it is sup...
by cody_richardson Path Finder in Splunk Enterprise Security 10-16-2018
0 2
0
2
sahiltcs

When trying to create a dashboard for Risk Analysis In Splunk Enterprise Security, why am I getting the following error: "the search for datamodel 'Risk' failed to parse"

Hello, I have Splunk enterprise security version 6.5.3.1 and am trying to create a dashboard for Risk Analysis. When...
by sahiltcs Path Finder in Splunk Enterprise Security 10-16-2018
1 9
1
9
maniyavar

what data model Crowdstrike Falcon Intelligence data should be mapped to?

Hi All, I am using https://splunkbase.splunk.com/app/3945 app to pull crowdstrike Falcon intelligence data. what dat...
by maniyavar Explorer in Splunk Enterprise Security 10-15-2018
0 0
0
0
ZimmermanC1

Can you help me figure out why my Splunk 7.2.0 & Enterprise Security 5.1.1 are returning a "Search waiting for input" error?

After updating our Splunk environment from Splunk 7.0.3 & ES 5.0 to Splunk 7.2.0 & Enterprise Security 5.1.1, many of...
by ZimmermanC1 Explorer in Splunk Enterprise Security 10-15-2018
1 4
1
4
asabatini85

Splunk ES "Error occurred during investigation"

Hi Folks, my client recived this error after updated Splunk ES to 5.1.0 Version the error is: Error occurred durin...
by asabatini85 Path Finder in Splunk Enterprise Security 10-15-2018
0 2
0
2
anhdo89

New Power User Exam

Hello, I was wondering if anyone has taken the new power exam for 7.x. What were your thoughts on it? Was it very dif...
by anhdo89 Explorer in Splunk Enterprise Security 10-15-2018
1 4
1
4
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...
Top Solution Authors
View All