Splunk Enterprise Security

Community Activity
andresito123
Hello to the community! I was wondering if there are any best practices regarding the removal of Search Head role fro...
by andresito123 Communicator in Splunk Enterprise Security 07-06-2018
0 3
ranjitbrhm1
I was looking at our enterprise security and wondering whether IIS or Apache logs are playing any significant role i...
by ranjitbrhm1 Communicator in Splunk Enterprise Security 07-06-2018
0 0
btiggemann
Hi all, I am struggling with the field extractions in TA-squid. I have tried the TA-squid with Splunk 6.0 (which is...
by btiggemann Path Finder in Splunk Enterprise Security 07-05-2018
0 2
jsimpson
Does anyone have any experience of the Fortigate active response - https://splunkbase.splunk.com/app/3444/ If so do ...
by jsimpson New Member in Splunk Enterprise Security 07-05-2018
0 0
CryoHydra
Hi, In incident review dashboard I have assigned some notables to me, instead of reviewing one by one I wanted to re...
by CryoHydra Path Finder in Splunk Enterprise Security 07-04-2018
0 0
saurabh_tek11
I want to understand the irregular behaviour of output displays for "notable events over time" panel in ES. Right no...
by saurabh_tek11 Communicator in Splunk Enterprise Security 07-04-2018
0 0
bc00509354
Hi, We have Splunk Enterprise 7.0.1 and BMC remedy 8.0 and wanted to integrate remedy asset management module with sp...
by bc00509354 New Member in Splunk Enterprise Security 07-04-2018
0 0
tlmayes
We have a growing Splunk environment with one ES SH, and a SH cluster. We have an MSS that is going to manage our E...
by tlmayes Contributor in Splunk Enterprise Security 07-03-2018
0 2
pradeep577
Hi, Is it possible to whitelist Windows service (xyz.EXE) traffic in Splunk or should I whitelist user account?
by pradeep577 Path Finder in Splunk Enterprise Security 07-02-2018
0 0
sidhantbhayana
I am analyzing our Splunk set-up and was going through the lookups, need suggestions on the best strategy to maintain...
by sidhantbhayana Path Finder in Splunk Enterprise Security 07-01-2018
0 2
bidemiologunde
How can I search for multiple values present in different fields? For example, I have fields titled FinalPurchases an...
by bidemiologunde Engager in Splunk Enterprise Security 06-30-2018
1 4
cogden
I have a subsearch doing "| inputlookup" against a CSV... the implied operator is equals. "Column/Field = Cell Value"...
by cogden Engager in Splunk Enterprise Security 06-30-2018
0 2
kevinleeV
I recently installed openldap add-on on both splunk cloud instance and splunk enterprise security instance https://s...
by kevinleeV New Member in Splunk Enterprise Security 06-29-2018
0 6
johant
Hi, I need someone to shed me some light on what is the best approach for me on changing my splunk architecture. Cur...
by johant Explorer in Splunk Enterprise Security 06-28-2018
0 1
mrtolu6
Looking for a way to create a workflow action in ES, to research URL and IP addresses.
by mrtolu6 Path Finder in Splunk Enterprise Security 06-28-2018
0 0
jamesbanach
Feature Request: Pivot to Search App or Dashboard. This would allow to leverage already created dashboards and ope...
by jamesbanach New Member in Splunk Enterprise Security 06-26-2018
0 0
Ghanayem1974
The below search provides me info on failed logins for the past month, for example the last four Fridays. Now I want t...
by Ghanayem1974 Path Finder in Splunk Enterprise Security 06-26-2018
0 1
ahmar74
I started off with the following search which gives me failed authentication to Cisco ACS on a daily basis, now I wan...
by ahmar74 Explorer in Splunk Enterprise Security 06-26-2018
1 9
thiru179
Has anybody integrated Imperva DAM with Splunk? If yes, what is the process and version compatibility with Splunk? Do...
by thiru179 New Member in Splunk Enterprise Security 06-25-2018
0 5
andrewaalin
Is there any component that makes Splunk ES tick, which isn't inside the directory etc/apps?
by andrewaalin Explorer in Splunk Enterprise Security 06-25-2018
0 1
CodyQ
Greetings Splunkers, My question is two fold. I'm in need of an SPL that will show how much data was indexed per i...
by CodyQ Explorer in Splunk Enterprise Security 06-25-2018
0 2
AGLbwa
I notice that Splice was deprecated as ES (allegedly) did everything Splice did, however one thing Splice supported t...
by AGLbwa Path Finder in Splunk Enterprise Security 06-23-2018
0 3
btanjialih
Hi all, Does anyone have any knowledge or understanding with the macro "modular_actions_invocations(2)"? This is a m...
by btanjialih Explorer in Splunk Enterprise Security 06-21-2018
0 2
srisahitya_v
Hello Folks, I have enabled a notable in ES_app, which triggers if it finds any IP available from local_ip_intel.csv...
by srisahitya_v Communicator in Splunk Enterprise Security 06-21-2018
1 0
draracle
Complex RegEx Capturing Group Assistance I have a couple similar cases where I am struggling to get the desired fiel...
by draracle Engager in Splunk Enterprise Security 06-21-2018
0 4