Splunk Enterprise Security

Community Activity
karthikmalla
I have a Splunk sub search similar to index=index1 type="example" [ search index=index2 type="other" | eval nowtime...
by karthikmalla Explorer in Splunk Enterprise Security 07-09-2018
0 5
3DGjos
Good evening, I'm having trouble parsing these events as multivalue fields: Jun 18 01:05:00 : oracle : command not a...
by 3DGjos Communicator in Splunk Enterprise Security 07-09-2018
0 3
andresito123
Hello to the community! I was wondering if there is any best practices regarding the removal of Search Head role fro...
by andresito123 Communicator in Splunk Enterprise Security 07-06-2018
0 3
ranjitbrhm1
I was looking at our enterprise security and wondering whether IIS or Apache logs are playing any significant role i...
by ranjitbrhm1 Communicator in Splunk Enterprise Security 07-06-2018
0 0
btiggemann
Hi all, I am struggling with the field extractions in TA-squid. I have tried the TA-squid with Splunk 6.0 (which is...
by btiggemann Path Finder in Splunk Enterprise Security 07-05-2018
0 2
jsimpson
Does anyone have any experience of the Fortigate active response - https://splunkbase.splunk.com/app/3444/ If so do ...
by jsimpson New Member in Splunk Enterprise Security 07-05-2018
0 0
CryoHydra
Hi, in the Incident Review dashboard I have assigned some notables to me, instead of reviewing one by one I wanted to re...
by CryoHydra Path Finder in Splunk Enterprise Security 07-04-2018
0 0
saurabh_tek11
I want to understand the irregular behaviour of output displays for "notable events over time" panel in ES. Right no...
by saurabh_tek11 Communicator in Splunk Enterprise Security 07-04-2018
0 0
bc00509354
Hi, We have Splunk Enterprise 7.0.1 and BMC remedy 8.0 and wanted to integrate remedy asset management module with sp...
by bc00509354 New Member in Splunk Enterprise Security 07-04-2018
0 0
tlmayes
We have a growing Splunk environment with one ES SH, and a SH cluster. We have an MSS that is going to manage our E...
by tlmayes Contributor in Splunk Enterprise Security 07-03-2018
0 2
pradeep577
Hi, Is it possible to whitelist windows service(xyz.EXE) traffic in splunk or should I whitelist user account?
by pradeep577 Path Finder in Splunk Enterprise Security 07-02-2018
0 0
sidhantbhayana
I am analyzing our Splunk set-up and was going through the lookups, need suggestions on the best strategy to maintain...
by sidhantbhayana Path Finder in Splunk Enterprise Security 07-01-2018
0 2
bidemiologunde
How can I search for multiple values present in different fields? For example, I have fields titled FinalPurchases an...
by bidemiologunde Engager in Splunk Enterprise Security 06-30-2018
1 4
cogden
I have a subsearch doing "| inputlookup" against a CSV... the implied operator is equals. "Column/Field = Cell Value"...
by cogden Engager in Splunk Enterprise Security 06-30-2018
0 2
kevinleeV
I recently installed openldap add-on on both splunk cloud instance and splunk enterprise security instance https://s...
by kevinleeV New Member in Splunk Enterprise Security 06-29-2018
0 6
johant
Hi, I need someone to shed me some light on what is the best approach for me on changing my splunk architecture. Cur...
by johant Explorer in Splunk Enterprise Security 06-28-2018
0 1
mrtolu6
Looking for a way to create a workflow action in ES, to research URL and IP addresses.
by mrtolu6 Path Finder in Splunk Enterprise Security 06-28-2018
0 0
jamesbanach
Feature Request: Pivot to Search App or Dashboard. This would allow to leverage already created dashboards and ope...
by jamesbanach New Member in Splunk Enterprise Security 06-26-2018
0 0
Ghanayem1974
The below search provides me info on failed logins for the past month, for example the last four Fridays. Now I want t...
by Ghanayem1974 Path Finder in Splunk Enterprise Security 06-26-2018
0 1
ahmar74
I started off with the following search which gives me failed authentication to Cisco ACS on a daily basis, now I wan...
by ahmar74 Explorer in Splunk Enterprise Security 06-26-2018
1 9
thiru179
Has anybody integrated Imperva DAM with Splunk? If yes, what is the process and version compatibility with Splunk? Do...
by thiru179 New Member in Splunk Enterprise Security 06-25-2018
0 5
andrewaalin
Is there any component that makes Splunk ES tick, which isn't inside the directory etc/apps?
by andrewaalin Explorer in Splunk Enterprise Security 06-25-2018
0 1
CodyQ
Greetings Splunkers, my question is twofold. I'm in need of an SPL that will show how much data was indexed per i...
by CodyQ Explorer in Splunk Enterprise Security 06-25-2018
0 2
AGLbwa
I notice that Splice was deprecated as ES (allegedly) did everything Splice did, however one thing Splice supported t...
by AGLbwa Path Finder in Splunk Enterprise Security 06-23-2018
0 3
btanjialih
Hi all, Does anyone have any knowledge or understanding with the macro "modular_actions_invocations(2)"? This is a m...
by btanjialih Explorer in Splunk Enterprise Security 06-21-2018
0 2