Splunk Enterprise Security

Community Activity
daniel333
All, I have a clean install of Splunk ES with the latest Splunk App For Nix enabled. The Account Management dashboa...
by daniel333 Builder in Splunk Enterprise Security 04-11-2018
0 3
Hegemon76
Here is my search string: product=Windows EventCode=645 OR EventCode=4741 | timechart span=1w count | eval Severe=if...
by Hegemon76 Communicator in Splunk Enterprise Security 04-11-2018
0 10
Hegemon76
Hello, I think I'm very close to getting this working.....but having issues with the eval command for some reason? ...
by Hegemon76 Communicator in Splunk Enterprise Security 04-11-2018
0 5
pfabrizi
I have a customer that is running a search in ES training to use an AWS Account Look up table and they get The lo...
by pfabrizi Path Finder in Splunk Enterprise Security 04-11-2018
0 2
teleworm
Hi, I have the following search that allows me to internal IPs contacting destinations categorized as CnC in Emergin...
by teleworm New Member in Splunk Enterprise Security 04-11-2018
0 0
Hegemon76
This is easy and hard to describe. Let's say you have 250 users logging in during the course of the day (this questi...
by Hegemon76 Communicator in Splunk Enterprise Security 04-10-2018
0 2
daniel333
All, Sorry guys, don't do this much and the docs are not giving me the warm and fuzzy's about how to do this....
by daniel333 Builder in Splunk Enterprise Security 04-07-2018
0 1
john_miller1
Using the latest Splunk Enterprise Security and Splunk App/Add-on for ServiceNow. I'm trying to get incidents in ES ...
by john_miller1 Explorer in Splunk Enterprise Security 04-07-2018
1 4
e_mazza
Hello, I setup correctly Cisco eStreamer 3.0.0 but I see that is not CIM and Enterprise Security won't see the data ...
by e_mazza New Member in Splunk Enterprise Security 04-06-2018
0 7
slayervx
Hello, I want to test the sandbox Splunk SE (trial version) for my company, but when I access to the sandbox interfa...
by slayervx New Member in Splunk Enterprise Security 04-06-2018
0 2
skiptdouglas
Hello All, I'm currently trying to size up an indexer and have been told that what is needed is 1200 IOPS per disk. B...
by skiptdouglas New Member in Splunk Enterprise Security 04-06-2018
0 1
whiteoakway135
I have a two search head, one indexer environment. One Search Head is dedicated to Splunk Enterprise Security (ES). I...
by whiteoakway135 Engager in Splunk Enterprise Security 04-05-2018
0 3
Hegemon76
Hello, I believe this does not give me what I want but it does at the same time. After events are indexed I'm attemp...
by Hegemon76 Communicator in Splunk Enterprise Security 04-04-2018
0 4
Hegemon76
Hello, How could I track if a session is opened but not closed immediately and by track I mean implementing a rule t...
by Hegemon76 Communicator in Splunk Enterprise Security 04-04-2018
0 3
Earenhart
Hello, I am trying to build a search that takes an inputlookup file that has 2 columns; One is a list of usernames, ...
by Earenhart Path Finder in Splunk Enterprise Security 04-04-2018
0 3
mmcg
I would like to organize a table for tracking KPI for notable events like so: No. of Critical No. of High No. of Med...
by mmcg Explorer in Splunk Enterprise Security 04-04-2018
1 0
kannu
Hi Splunkers, I have completed administering Splunk enterprise security two months back and now I need to do some re...
by kannu Communicator in Splunk Enterprise Security 04-03-2018
0 3
OBsecurity
Hello! I'm trying to query the notable_update service via api (.../services/notable_update) and get error of - "Inva...
by OBsecurity Explorer in Splunk Enterprise Security 04-03-2018
0 4
essaksamraj
Hi, can somebody help me to download the local setup file for Splunk ES.
by essaksamraj New Member in Splunk Enterprise Security 04-03-2018
0 1
gf13579
Splunk ES includes TA-fortinet 4.7.1. FortiNet maintain Splunk_TA_fortinet_fortigate, currently at v1.5, and whose ...
by gf13579 Communicator in Splunk Enterprise Security 04-02-2018
1 13
daniel333
All, Per a request from our security team, I moved Splunk to LDAP only and blasted the local admin account. But ES ...
by daniel333 Builder in Splunk Enterprise Security 03-30-2018
0 1
manideep6669
How to assign roles to X team if model User doesn't have access to that Index? How to search those roles in Model Use...
by manideep6669 Engager in Splunk Enterprise Security 03-28-2018
1 0
daniel333
All, Anyone have a list of all the URL's IPs I need to open Splunk Enterprise Security up to for its threat lists? ...
by daniel333 Builder in Splunk Enterprise Security 03-28-2018
1 3
manideep6669
Disc space is almost full i.e., 96% How to resolve this problem? What to do if my Mount Point is full? Any Linux Comm...
by manideep6669 Engager in Splunk Enterprise Security 03-27-2018
1 0
rotundwizard
Been banging my head on this and need some assistance. Trying to use a csv to eliminate some search results with no s...
by rotundwizard Explorer in Splunk Enterprise Security 03-26-2018
0 7