Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to onboard System32\winevt\Logs\Microsoft-Windows-DNSServer%4Audit.evtx

In my server I want to onboard DNS Audit logs in addition to DNS Events. DNS Audit logs are getting created in C:\Wi...

by Explorer in

Splunk ES Incident dashboard not working with Splunk Enterprise 7.1.2

We upgraded our Splunk enterprise to 7.1.2 from 7.0 version in a SH that has Splunk ES version 4.7.2. After the upgr...

by Communicator in

Splunk enterprise security in VM

What is the system requirement for Virtual Machines for installing Splunk Enterprise Security?

by Communicator in

How to capture value between two dates and a time string?

Hi, How can I capture the the text between the first and second date and time strings. Using the example event...

by Explorer in

Aggregate function ignore null values

Hello all, I am new to splunk, By following string i get a graph of risk: index="iniatva_linux" Risk=Criti...

by New Member in

Difference between the results from a visualizations and a regular search

Hi there, I have a strange situation. When I'm using a base search into a dashboard, I have displayed only 4 devic...

by New Member in

AWS SQS - Api calls using http only?

I have configured the AWS Add-On for Splunk and want to ingest logs from an S3 bucket by following the Splunk recomme...

by Explorer in

What is the best method of calculating variance, Extreme Search or just Stats?

I currently have several behavioral anomaly searches that report users exhibiting authentication behavior that is X n...

by Path Finder in

When upgrading to ES 5.1.0 the "Related Events" disappeared.

After upgrading to Splunk 7.1.2 and ES 5.1.0 I no longer see the "Related Events" drilldown option on the incident re...

by Path Finder in

Using Boolean operators in datamodel

I would like to use the Network_Traffic datamodel and exclude all internal source network traffic by using the NOT op...

by New Member in

Getting error when trying to update notables after upgrade from 5.0 to 5.1

After upgrading to 5.1 (and 7.1.2) from 5.0 (and 7.0.2), we are noticing errors when trying to edit notables. Steps t...

by Path Finder in

How to separate field values from a single field into two unique values?

Hi, Using the following event log which has not been extracted, is it possible to seperate the current 'Name:' fi...

by Explorer in

How to make a report of unsuccessful connection attempts

Hello I'm new to this community and my first question is this: How to make a report of unsuccessful connection attemp...

by Engager in

How can I do a graph with multiple data?

Hi team! It's my very first time here and I need a bit of help! I want to make a graph with multiple lanes. ...

by Path Finder in

ES Asset and Identity lookups only support a single pipe delimited field...???

Here is the link to the documentation page for the ES Asset and Identities lookups: http://docs.splunk.com/Documen...

by Builder in

Why my Network Dashboard wont load data on Splunk Enterprise Security?

I am setting Splunk ES and sending data from Fortinet. Data is well parsed and CIM compatible however Network dashboa...

by Communicator in

How can I filter and track events from users accessing organizations laptop in foreign countries.

Hello, I am new to splunk and I need help BIG TIME. I have been struggling to write a search that can filter e...

by New Member in

Delete notable event history?

All, How can I delete the notable event history? Nothing in there I care about. We had a few were testing and now...

by Builder in

How to filter logs in Windows Server to decrease the quota of data in Splunk Enterprise Security (ES)?

I using Splunk ES and I need filter logs in Windows Server(probably 200 servers) to decrease the quota of data. In Wi...

by Path Finder in

Why is there a following error in 'lookup' command "Lookups: The lookup table 'event_time_field=temp_time' does not exist or is not available"?

Evidently this is well-known in support circles but not on the internet yet, so I am sharing my pain for your gain. W...

by Esteemed Legend in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to onboard System32\winevt\Logs\Microsoft-Windows-DNSServer%4Audit.evtx

Splunk ES Incident dashboard not working with Splunk Enterprise 7.1.2

Splunk enterprise security in VM

How to capture value between two dates and a time string?

Aggregate function ignore null values

Difference between the results from a visualizations and a regular search

AWS SQS - Api calls using http only?

What is the best method of calculating variance, Extreme Search or just Stats?

When upgrading to ES 5.1.0 the "Related Events" disappeared.

Using Boolean operators in datamodel

Getting error when trying to update notables after upgrade from 5.0 to 5.1

How to separate field values from a single field into two unique values?

How to make a report of unsuccessful connection attempts

How can I do a graph with multiple data?

ES Asset and Identity lookups only support a single pipe delimited field...???

Why my Network Dashboard wont load data on Splunk Enterprise Security?

How can I filter and track events from users accessing organizations laptop in foreign countries.

Delete notable event history?

How to filter logs in Windows Server to decrease the quota of data in Splunk Enterprise Security (ES)?

Why is there a following error in 'lookup' command "Lookups: The lookup table 'event_time_field=temp_time' does not exist or is not available"?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...

Threat Intelligence Management - Wrong threat matc...

Can someone recommend a threat intel feed of malic...

Migrating Splunk Enterprise Security from VM to ne...