Splunk Enterprise Security

Community Activity

New Power User Exam Hello, I was wondering if anyone has taken the new power exam for 7.x. What were your thoughts on it? Was it very dif... by anhdo89 Explorer in Splunk Enterprise Security 10-15-2018 1 4	1	4
Can you help me with Http Event Collector (HEC) forwarding via alert? Hi Guys, Doing some forwarding of events using the HEC. So far it looks like this: Events come in from source(forwa... by mwdbhyat Builder in Splunk Enterprise Security 10-15-2018 0 2	0	2
Insecure or Cleartext Authentication event received on siem Insecure or Cleartext Authentication event received on siem why is this event occurring and what's the process to mi... by pritismit New Member in Splunk Enterprise Security 10-12-2018 0 1	0	1
When will Splunk support blockchains like Bitcoin and Cardano? When will Splunk support blockchains? In a way that Splunk can store and lookup (encrypted) hashes of data in a firs... by flippyflink New Member in Splunk Enterprise Security 10-12-2018 0 2	0	2
Can you help me troubleshoot the Splunk Enterprise Security (ES) correlation search called Anomalous New Process? All, I am troubleshooting the built in notable "Anomalous New Process" that comes with Splunk ES on version 5.1.1. ... by daniel333 Builder in Splunk Enterprise Security 10-11-2018 0 3	0	3
How can I see what Searches/Stories from "ES Content Update" App are viable in my environment? I need something programatic to sort through the hundreds and hundreds of searches. by woodcock Esteemed Legend in Splunk Enterprise Security 10-11-2018 1 2	1	2
Applying the built in Splunk ES Threat Intel feeds to a newly imported .CSV Sourcetype. I would like to use Splunk ES's built in Threat Feeds to further identify malicious IP Addresses within a .CSV. While... by sampsoc New Member in Splunk Enterprise Security 10-10-2018 0 0	0	0
How do I restrict permission on a particular source inside of an index instead of from the whole index? Hi I have an index named "xyz" and inside that, I have data from different sources (a,b,c etc). I want to restrict ... by akchauhan Explorer in Splunk Enterprise Security 10-10-2018 0 4	0	4
Is it possible to use splunk to automate account unlocking but limit it to a set number of times? My use case is that we pay a vendor to do unlocks after hours for us. I do not want to turn on the AD setting to unlo... by dschneider Engager in Splunk Enterprise Security 10-10-2018 1 0	1	0
Why is threat intel artifact not getting the same count as uploaded CSV? Hi, I have uploaded a CSV file in Threat Intelligence Uploads with different data types like ip_intel, email_intel e... by snigdhasaxena Communicator in Splunk Enterprise Security 10-09-2018 0 0	0	0
Splunk Enterprise Security: Why am I unable to find Threat Intellegence data after successful URL download? Greetings and thanks for the looking at this question. I have a Splunk server in an air-gapped environment and I'm t... by jonathangrant74 Explorer in Splunk Enterprise Security 10-09-2018 4 1	4	1
How do I build a search that compares 2 different indexes with 2 identical values? Hi guys, I need to build a search that compares 2 different indexes. search 1 - index=indexname1 suser=username act... by itzikshviro Explorer in Splunk Enterprise Security 10-08-2018 0 2	0	2
How to filter query results by a lookuptable containing regex's? I am trying to filter query results based on regex. They are stored within a lookuptable like this: path /etc/g... by mertox Explorer in Splunk Enterprise Security 10-06-2018 1 9	1	9
Why are users able to view data in index by directly clicking the search link even though they don't have permission on that index? We observed a security loophole in Splunk Enterprise Security. We have restricted permission on "Y" index in Splunk t... by akchauhan Explorer in Splunk Enterprise Security 10-06-2018 0 1	0	1
Can you help me create a dashboard with field dependency and action state modifications? I am attempting to create a dashboard that has a couple input fields with one being dependent on the other. The inde... by JeffBothel Explorer in Splunk Enterprise Security 10-05-2018 0 1	0	1
Can you help me with the following regex expression? I have been reviewing answers from this forum & Splunk doc but I can't seem to find out why my rex command keeps thro... by tmwhitm New Member in Splunk Enterprise Security 10-05-2018 0 7	0	7
How do I modify the raw data location in Enterprise Security alert output? Hello All! I'm currently in the process of going over our correlation rules and outputs. I've reached a point in Ent... by donaldmayo New Member in Splunk Enterprise Security 10-05-2018 0 0	0	0
How do I push or pull from Enterprise Security notable events? I have a scenario which I can explain with an example. I am implementing a 3rd party service which takes action based... by alpsholic Explorer in Splunk Enterprise Security 10-04-2018 0 3	0	3
trying to do join between same column name ,expect to get only the result if the site ID is equal? this is my table: moduleName siteName companyDUNS siteID abc site1 1111 16682 bbb ... by Avichai New Member in Splunk Enterprise Security 10-04-2018 0 4	0	4
How do you customize colors in a bar chart? I have been trying to customize the color of bars in a Bar chart as per the field values. I have tried using eval/if... by snigdhasaxena Communicator in Splunk Enterprise Security 10-03-2018 0 2	0	2
Can someone please update the page for the Splunk TA for Oracle compatibility? Dear Splunk, I just went to the Splunk TA for Oracle app page and it said that it was CIM-compatible and it is in th... by BlueSocket Contributor in Splunk Enterprise Security 10-02-2018 0 0	0	0
Can you help me with an extreme search problem I'm having on Splunk Enterprise Security? Dynamic threshold for the Concept: min, low, high, extreme. Are there numerical values in each of the semantic terms?... by chrischen2018 New Member in Splunk Enterprise Security 09-30-2018 0 0	0	0
Help creating a table that shows Incident Review Mean Time to Triage Greetings, I'm trying to create a table depicting something similar to the following: Notabel Arrived Urgency... by CodyQ Explorer in Splunk Enterprise Security 09-29-2018 0 5	0	5
Splunk App for PCI Compliance: Why is the indexer not reporting to the app? We are implementing the Splunk PCI app and the indexer is supposed to be in PCI app and report to the PCI app. Howev... by amulay26 Path Finder in Splunk Enterprise Security 09-27-2018 0 1	0	1
What is the price for Splunk User Certification? Hi, I was under the impression that the certified user exam was free to take, but I am being charge $150 to sit it,... by lewisedmunds New Member in Splunk Enterprise Security 09-27-2018 0 2	0	2

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

Thursday, June 25, 2026 | 11AM PDT / 2PM EDT Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...

Splunk Enterprise Security

New Power User Exam

Can you help me with Http Event Collector (HEC) forwarding via alert?

Insecure or Cleartext Authentication event received on siem

When will Splunk support blockchains like Bitcoin and Cardano?

Can you help me troubleshoot the Splunk Enterprise Security (ES) correlation search called Anomalous New Process?

How can I see what Searches/Stories from "ES Content Update" App are viable in my environment?

Applying the built in Splunk ES Threat Intel feeds to a newly imported .CSV Sourcetype.

How do I restrict permission on a particular source inside of an index instead of from the whole index?

Is it possible to use splunk to automate account unlocking but limit it to a set number of times?

Why is threat intel artifact not getting the same count as uploaded CSV?

Splunk Enterprise Security: Why am I unable to find Threat Intellegence data after successful URL download?

How do I build a search that compares 2 different indexes with 2 identical values?

How to filter query results by a lookuptable containing regex's?

Why are users able to view data in index by directly clicking the search link even though they don't have permission on that index?

Can you help me create a dashboard with field dependency and action state modifications?

Can you help me with the following regex expression?

How do I modify the raw data location in Enterprise Security alert output?

How do I push or pull from Enterprise Security notable events?

trying to do join between same column name ,expect to get only the result if the site ID is equal?

How do you customize colors in a bar chart?

Can someone please update the page for the Splunk TA for Oracle compatibility?

Can you help me with an extreme search problem I'm having on Splunk Enterprise Security?

Help creating a table that shows Incident Review Mean Time to Triage

Splunk App for PCI Compliance: Why is the indexer not reporting to the app?

What is the price for Splunk User Certification?

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Research Study on MITRE ATT&CK Classification Cons...

Splunk Add-on for ServiceNow Endpoint Configuratio...

Splunk enterprise security export content in SHC t...

add enrichment in splunk ES8

mc_investigations data is not populated - ES 8.3

Splunk Enterprise Security

Join the Conversation