Splunk Enterprise Security

Community Activity
utk123
As per https://splunkbase.splunk.com/app/507/, pingstatus is only supported on Splunk Versions: 6.2, 6.1, 6.0, 5.0. ...
by utk123 Path Finder in Splunk Enterprise Security 08-30-2018
0 2
christianubeda
Hi team! It's my very first time and I need help. I want to understand why these IPs are 0.0.0.0. Here the log, ...
by christianubeda Path Finder in Splunk Enterprise Security 08-30-2018
0 0
manideep6669
Looking for the report of who are using X dashboard in Splunk. Is there any Query for this? Thanks in Advance
by manideep6669 Engager in Splunk Enterprise Security 08-29-2018
0 1
eputnam
Hello, I am working on a Splunk search to see which users have changed their passwords more than a specific number o...
by eputnam Engager in Splunk Enterprise Security 08-29-2018
1 2
jstump1972
I need to perform a security audit on a particular user. I need to enter in specific username = example mydomain\ji...
by jstump1972 New Member in Splunk Enterprise Security 08-29-2018
0 0
jmcclure8
I am trying to install the Rapid 7 TA. The document doesn't really give any good information. There are no searches, ...
by jmcclure8 New Member in Splunk Enterprise Security 08-29-2018
0 2
fzuazo
I seem to be having some issues working with AD event ID 4738. Unless I am doing or reading something wrong, one of t...
by fzuazo Path Finder in Splunk Enterprise Security 08-28-2018
1 0
att35
Hi, Under Threat Activity, all the indicators report "0" all the time regardless of the search parameters. When clic...
by att35 Builder in Splunk Enterprise Security 08-28-2018
0 0
Ohiotech
Additional information: I'm not confident on the left join syntax, but the query appears to fail before it gets to th...
by Ohiotech Explorer in Splunk Enterprise Security 08-27-2018
0 3
dcrooks_cbp
I need a list of admins and also users from Splunk-ES to list in an audit dashboard.
by dcrooks_cbp New Member in Splunk Enterprise Security 08-27-2018
0 7
daniel333
All, I am looking at Splunk_TA_microsoft_dns. We deployed it to every domain controller, but I was wondering if we ...
by daniel333 Builder in Splunk Enterprise Security 08-24-2018
0 0
daniel333
All, I have installed Splunk Enterprise Security (ES) and the Clam AV apps. Searching tag=malware tag=attack works,...
by daniel333 Builder in Splunk Enterprise Security 08-23-2018
0 2
jadamsplunk
Hi all, I'm using ES 4.7.3 and as far as I know there is only the option to add collaborators one at a time to an in...
by jadamsplunk Path Finder in Splunk Enterprise Security 08-23-2018
1 0
Rishabh_McKc
In my server I want to onboard DNS Audit logs in addition to DNS Events. DNS Audit logs are getting created in C:\Wi...
by Rishabh_McKc Explorer in Splunk Enterprise Security 08-23-2018
0 3
teddyidc1101
We upgraded our Splunk enterprise to 7.1.2 from 7.0 version in a SH that has Splunk ES version 4.7.2. After the upgr...
by teddyidc1101 Communicator in Splunk Enterprise Security 08-22-2018
0 1
teddyidc1101
What is the system requirement for Virtual Machines for installing Splunk Enterprise Security?
by teddyidc1101 Communicator in Splunk Enterprise Security 08-21-2018
0 1
Splunkuser542
Hi, How can I capture the text between the first and second date and time strings. Using the example event bel...
by Splunkuser542 Explorer in Splunk Enterprise Security 08-21-2018
0 2
Ropermark
Hello all, I am new to Splunk. By following string I get a graph of risk: index="iniatva_linux" Risk=Critical OR...
by Ropermark New Member in Splunk Enterprise Security 08-21-2018
0 1
cristiad
Hi there, I have a strange situation. When I'm using a base search into a dashboard, I have displayed only 4 devices...
by cristiad New Member in Splunk Enterprise Security 08-21-2018
0 4
Stokers_23
I have configured the AWS Add-On for Splunk and want to ingest logs from an S3 bucket by following the Splunk recomm...
by Stokers_23 Explorer in Splunk Enterprise Security 08-16-2018
1 0
joeldavideng
I currently have several behavioral anomaly searches that report users exhibiting authentication behavior that is X n...
by joeldavideng Path Finder in Splunk Enterprise Security 08-15-2018
0 2
jhall0007
After upgrading to Splunk 7.1.2 and ES 5.1.0 I no longer see the "Related Events" drilldown option on the incident re...
by jhall0007 Path Finder in Splunk Enterprise Security 08-15-2018
0 4
jvanbibber
I would like to use the Network_Traffic datamodel and exclude all internal source network traffic by using the NOT op...
by jvanbibber New Member in Splunk Enterprise Security 08-15-2018
0 0
jamesbrock
After upgrading to 5.1 (and 7.1.2) from 5.0 (and 7.0.2), we are noticing errors when trying to edit notables. Steps ...
by jamesbrock Path Finder in Splunk Enterprise Security 08-13-2018
1 0
Splunkuser542
Hi, Using the following event log which has not been extracted, is it possible to separate the current 'Name:' fiel...
by Splunkuser542 Explorer in Splunk Enterprise Security 08-11-2018
1 2