Splunk Enterprise Security

Thread Info

How to resolve replication errors on knowledge bundle size over 200MB due to Splunk Enterprise Security identities and assets?

Hi, I'm looking for some answer and suggestion how I could decrease/workaround the knowledge bundle replication er...

by Path Finder in

How to populate malware_alias with TAXII feeds?

Hello everyone! Does anyone know how can I populate the "malware_alias" field with TAXII/STIX objects? I have trie...

by New Member in

Splunk - Enterprise Security - Disable Splunk Web Messages

How can I selectively disable/suppress Splunk web messages? This one is quite a nuisance and quite obviously a bug of...

by Explorer in

How to find time values that are over 90 days old?

Hi, I have 2 fields I would like to only display **lastLogonTimestamp** values that are over 90 days of the **_tim...

by Path Finder in

How to create matching log with CIM "proxy" data model to see information in ES?

I'm receiving logs from a Barracuda Web Security Gateway into splunk. I've created a field extraction rule inline, ge...

by Explorer in

Is it possible to manually add values to a dashboard panel?

I am trying to count the number of events that I am unable to send to Splunk. I need these in a dashboard where I can...

by New Member in

Retrieve/download the original source file(s) after a search

Is there a way to download the sourcefile in the web interface or does it have to be done through the CLI? If it is d...

by Engager in

How can I compare the bandwidth usage of a specific category to the bandwidth usage of all categories combined?

For some reason I'm hitting a wall on the logic of this search. I'm working with Palo Alto logs and the fields i'm in...

by Path Finder in

Splunk ES: collecting Assets from vCenter

Is there a suggested collection method for Assets (for Splunk ES), from vCenter? I see the page "Collect and extra...

by Explorer in

Error after installnig Splunk Enterprise Security 5.0 Install on 6.3 leads to web integer literal error

I installed 6.3 Splunk Enterprise and then went to install Splunk Enterprise Security 5.0 SPL and after the installat...

by Engager in

Unable to install PhishTank app in Splunk ES

Hi Nimish Doshi, We are unable to install the phish tank app in our splunk instance. We reached to our support tea...

by New Member in

Splunk CIM Validator: Issue Field validation error "no validation regex was found to evaluate"

While validating the varonis logs using Splunk CIM Validator App, I am getting following error "no validation regex w...

by Engager in

Is it possible to resolve remote hostname using most recent DNS query by local hostname?

I'm new to Splunk and it is not quite clear to me how one would assign hostnames to remote computers based on the DNS...

by New Member in

Multple Enterprise Security clusters to one search peer pool

Is it possible to have two instances of ES searching the same search peer pool?

by Explorer in

Splunk ES tutorials and sample data dump

I have used that search tutorials for splunk. Is there any similar one splunk ES?!?! For splunk, there is a tutori...

by SplunkTrust in

Dnstwist full TLD list

This is more of a feature request than a proper question. Is it possible to generate the a full tld list instead ...

by Explorer in

Splunk Add-on for Unix and Linux vs Linux Auditd

Hello, For planned test environment with ES I'm trying to see what fit better to my scenario. I can see that Splun...

by Path Finder in

Filtering non-compliant Machines from forescout logs

We have events feeding into splunk from ForeScout logs (no forescout APP) and i would like to filter it so that only ...

by New Member in

Enterprise Security in Splunk 7.1

There appears to be issues with Splunk Enterprise on Splunk 7.1 Is there a reason that the Incident Review "Urgenc...

by Path Finder in

Using REX field Command How?

06/02/2018 06:00:37 AM LogName=Application SourceName=MSSQLSERVER EventCode=18456 EventType=0 Type=Information Comput...

by New Member in

May I have a help to configure wildcard usage in lookup table?

Hello, I’d like to configure a wildcard usage for a lookup table, but unfortunately I’m not a Splunk guru and prob...

by Communicator in

Splunk CIM mismatch type for tags

Not sure how to fix this, but for some reason the tags showing up in Search > Datasets > Intrusion Detection > IDS A...

by Builder in

Why Splunk CIM does not apply tags but 'Search & Reporting' does?

Within Splunk ES, I have two tags applied based on Event types and cannot for the life of me get it to apply when att...

by Builder in

Why aren't my IDS logs populating the Intrusion Detection data model?

I am using Splunk ES and trying to match my IDS logs to the Intrusion Detection data model. I thought I did all prepa...

by Builder in

Is it possible to use a comparison / conditional functions with a lookup?

Hello, I’d like to create an alert on ransomware detections. I have file events logs and their most important fiel...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

How to resolve replication errors on knowledge bundle size over 200MB due to Splunk Enterprise Security identities and assets?

How to populate malware_alias with TAXII feeds?

Splunk - Enterprise Security - Disable Splunk Web Messages

How to find time values that are over 90 days old?

How to create matching log with CIM "proxy" data model to see information in ES?

Is it possible to manually add values to a dashboard panel?

Retrieve/download the original source file(s) after a search

How can I compare the bandwidth usage of a specific category to the bandwidth usage of all categories combined?

Splunk ES: collecting Assets from vCenter

Error after installnig Splunk Enterprise Security 5.0 Install on 6.3 leads to web integer literal error

Unable to install PhishTank app in Splunk ES

Splunk CIM Validator: Issue Field validation error "no validation regex was found to evaluate"

Is it possible to resolve remote hostname using most recent DNS query by local hostname?

Multple Enterprise Security clusters to one search peer pool

Splunk ES tutorials and sample data dump

Dnstwist full TLD list

Splunk Add-on for Unix and Linux vs Linux Auditd

Filtering non-compliant Machines from forescout logs

Enterprise Security in Splunk 7.1

Using REX field Command How?

May I have a help to configure wildcard usage in lookup table?

Splunk CIM mismatch type for tags

Why Splunk CIM does not apply tags but 'Search & Reporting' does?

Why aren't my IDS logs populating the Intrusion Detection data model?

Is it possible to use a comparison / conditional functions with a lookup?

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions