Splunk Enterprise Security

Thread Info

Difference between the results from a visualizations and a regular search

Hi there, I have a strange situation. When I'm using a base search into a dashboard, I have displayed only 4 devic...

by New Member in

AWS SQS - Api calls using http only?

I have configured the AWS Add-On for Splunk and want to ingest logs from an S3 bucket by following the Splunk recomme...

by Explorer in

What is the best method of calculating variance, Extreme Search or just Stats?

I currently have several behavioral anomaly searches that report users exhibiting authentication behavior that is X n...

by Path Finder in

When upgrading to ES 5.1.0 the "Related Events" disappeared.

After upgrading to Splunk 7.1.2 and ES 5.1.0 I no longer see the "Related Events" drilldown option on the incident re...

by Path Finder in

Using Boolean operators in datamodel

I would like to use the Network_Traffic datamodel and exclude all internal source network traffic by using the NOT op...

by New Member in

Getting error when trying to update notables after upgrade from 5.0 to 5.1

After upgrading to 5.1 (and 7.1.2) from 5.0 (and 7.0.2), we are noticing errors when trying to edit notables. Steps t...

by Path Finder in

How to separate field values from a single field into two unique values?

Hi, Using the following event log which has not been extracted, is it possible to seperate the current 'Name:' fi...

by Explorer in

How to make a report of unsuccessful connection attempts

Hello I'm new to this community and my first question is this: How to make a report of unsuccessful connection attemp...

by Engager in

How can I do a graph with multiple data?

Hi team! It's my very first time here and I need a bit of help! I want to make a graph with multiple lanes. ...

by Path Finder in

ES Asset and Identity lookups only support a single pipe delimited field...???

Here is the link to the documentation page for the ES Asset and Identities lookups: http://docs.splunk.com/Documen...

by Builder in

Why my Network Dashboard wont load data on Splunk Enterprise Security?

I am setting Splunk ES and sending data from Fortinet. Data is well parsed and CIM compatible however Network dashboa...

by Communicator in

How can I filter and track events from users accessing organizations laptop in foreign countries.

Hello, I am new to splunk and I need help BIG TIME. I have been struggling to write a search that can filter e...

by New Member in

Delete notable event history?

All, How can I delete the notable event history? Nothing in there I care about. We had a few were testing and now...

by Builder in

How to filter logs in Windows Server to decrease the quota of data in Splunk Enterprise Security (ES)?

I using Splunk ES and I need filter logs in Windows Server(probably 200 servers) to decrease the quota of data. In Wi...

by Path Finder in

Why is there a following error in 'lookup' command "Lookups: The lookup table 'event_time_field=temp_time' does not exist or is not available"?

Evidently this is well-known in support circles but not on the internet yet, so I am sharing my pain for your gain. W...

by Esteemed Legend in

Context is not updated for the 'Substantial Increase in Port Activity' ES Correlation Search

The search "Network - Port Activity By Destination Port - Gen Context" returns more than 65000 dest_port, however the...

by Engager in

Need to delete a knowledge object for extremesearch

created context using step 4 in link https://docs.splunk.com/Documentation/ES/5.1.0/Admin/Extremesearchexample and we...

by Splunk Employee in

How to access data from a Lookup table in another app to a custom dashboard in ES?

Trying to access data from a lookup table in another app (TA_recordedfuture-cyber) to a custom dashboard we've create...

by Path Finder in

Getting hundreds of credit card numbers from Splunk PII corelation search in enterprise security, wondering if this is false positive or do we actually collect these CC numbers inadvertently

I am getting CC issuer names (Visa, master, discover etc.) and also numbers and wondering if this is actual data or i...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

Difference between the results from a visualizations and a regular search

AWS SQS - Api calls using http only?

What is the best method of calculating variance, Extreme Search or just Stats?

When upgrading to ES 5.1.0 the "Related Events" disappeared.

Using Boolean operators in datamodel

Getting error when trying to update notables after upgrade from 5.0 to 5.1

How to separate field values from a single field into two unique values?

How to make a report of unsuccessful connection attempts

How can I do a graph with multiple data?

ES Asset and Identity lookups only support a single pipe delimited field...???

Why my Network Dashboard wont load data on Splunk Enterprise Security?

How can I filter and track events from users accessing organizations laptop in foreign countries.

Delete notable event history?

How to filter logs in Windows Server to decrease the quota of data in Splunk Enterprise Security (ES)?

Why is there a following error in 'lookup' command "Lookups: The lookup table 'event_time_field=temp_time' does not exist or is not available"?

Context is not updated for the 'Substantial Increase in Port Activity' ES Correlation Search

Need to delete a knowledge object for extremesearch

How to access data from a Lookup table in another app to a custom dashboard in ES?

Getting hundreds of credit card numbers from Splunk PII corelation search in enterprise security, wondering if this is false positive or do we actually collect these CC numbers inadvertently

ASP Net Core 2.1 App throws intermittent SSL error while logging to Splunk

Splunk Enterprise Security 5.0 warning messages

Infoblox CIM unknown fields

Inputlookup Form

Splunk ES Error Message

Get daily license usage from remote search head

Announcing the Expansion of the Splunk Academic Alliance Program

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code