Splunk Enterprise Security

Discussions

Thread Info

Splunk Enterprise Security: How to manually trigger notables?

We had an outage of 2 hours for all Enterprise Security Search Heads. During this period, we missed few notables to "...

by Super Champion in

Why do I receive different results between two different applications?

I have a simple search index=myIndex sourcetype=mySourcetype If I run the search in the Splunk Enterprise Secu...

by Contributor in

Infoblox Sourcetype Branch Failures

We are taking in infoblox logs via syslog and are getting inconsistent results. We have a clustered environment. The ...

by Communicator in

DomainTools App and TA for Splunk: Why am I unable to save credentials?

We use Splunk Enterprise Security (which uses SA-DomainTools) for whois. Our API license and key is therefore already...

by Communicator in

Highlight Repeat Notable Offenders

I'm trying to write a search to highlight users that have caused multiple notables over time. Using the search below,...

by Explorer in

generate CSR certificate in Splunk 6.5

We want to generate a CSR file for sharing with the internal certificate authority do we have any document or steps i...

by Path Finder in

Failed to execute KV Store lookup

Since i upgrdaed splunk enterprise to 5.5.3 and installed Enterprise security app, i am getting following error conti...

by Path Finder in

Not creating notable event in incident review

i have created one correlation search and updated the details for the notable event. But my correlation search is not...

by Path Finder in

Splunk enterprise security input data

I have installed Splunk ES in SH cluster and search head as mentioned in docs. i have also installed add-on in which ...

by Path Finder in

Splunk Enterprise Security App buy

If I buy a splunk 10GB license, will i get the Splunk Enterprise Security App complementary.?

by Explorer in

How to restore Glass Tables - ES Deployment Template

Hi team, We are in Enterprise Security I cleared one of the default Glass Table by mistake. Is there a way to ...

by Contributor in

Rewrite a search using the map command

Hi, I have the following search which I'd like to rewrite if possible without using the map command. The search is...

by Motivator in

ES: incident Review is not showing as expected

Our incident Review board has different view and not functioning as expected due to which we are unable to filter fro...

by Path Finder in

Log DNS Responses from BIND 9.10 for use with Enterprise Security

I am looking for anyone who might know the appropriate BIND logging configuration to capture DNS replies so that we c...

by Communicator in

Splunk Enterprise Security: Can I use correlation search to search for IoC?

Hi all, I am now researching Splunk Enterprise Security. From my understanding, it is an app with some dashboard, ...

by New Member in

Splunk Enterprise Security: After signing up for the ES Sandbox, where is the link to create and edit glass tables?

I just signed up to Splunk Enterprise Security (ES) sandbox but I do not see any links to create glass tables. Where ...

by New Member in

Splunk Enterprise Security: Why can't I create an ad-hoc notable event after upgrade?

We have just upgraded Splunk Enterprise 6.4.1 / Splunk Enterprise Security 4.1.1 to Splunk Enterprise 6.5.2 with Splu...

by Splunk Employee in

Splunk Enterprise Security

Hi, I have installed a splunk enterprise trial and also requested Splunk Enterprise Security. I noticed that when ...

by New Member in

Why do I receive error "Problem in indexer : Problem parsing indexes.conf: default index disabled - quit!" on the indexer?

Hello , I have a distributed architecture of Splunk Search Head with Splunk Enterprise Security and an indexer . I...

by Engager in

is it possible to create a new threat intelligence source with json format in Enterprise Security ?

Hey gents My customer is asking me to create a new threat intelligence source in the Enterprise Security app (vers...

by Builder in

domaintools (whois) alternatives for Enterprise Security

Hi all, Are there any alternatives to domaintools whois API for Enterprise Security integration? A lot of customer...

by Explorer in

How do I get the sessionKey from a Splunk app's serverside python code?

I have created a Splunk app and am sending ajax request to it from the browser. The serverside python code will th...

by Path Finder in

Substituting values from MV fields?

In Enterprise Security, for a drill down action I want to use a field from the notable events, which can have multi v...

by Communicator in

How to set up a SOC with Splunk ?

I have no experience and I need to set up a SOC/NOC with Splunk. Thank you for andurstanding me and helping me.

by New Member in

Splunk Enterprise Security and Splunk 6.5.2: When clicking "Event Actions" button within an expanded event, why do I receive "TypeError: message is undefined" error?

Since upgrading Splunk to 6.5.2, in the Splunk Enterprise Security (ES) search page I get "TypeError: message is unde...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk Enterprise Security: How to manually trigger notables?

Why do I receive different results between two different applications?

Infoblox Sourcetype Branch Failures

DomainTools App and TA for Splunk: Why am I unable to save credentials?

Highlight Repeat Notable Offenders

generate CSR certificate in Splunk 6.5

Failed to execute KV Store lookup

Not creating notable event in incident review

Splunk enterprise security input data

Splunk Enterprise Security App buy

How to restore Glass Tables - ES Deployment Template

Rewrite a search using the map command

ES: incident Review is not showing as expected

Log DNS Responses from BIND 9.10 for use with Enterprise Security

Splunk Enterprise Security: Can I use correlation search to search for IoC?

Splunk Enterprise Security: After signing up for the ES Sandbox, where is the link to create and edit glass tables?

Splunk Enterprise Security: Why can't I create an ad-hoc notable event after upgrade?

Splunk Enterprise Security

Why do I receive error "Problem in indexer : Problem parsing indexes.conf: default index disabled - quit!" on the indexer?

is it possible to create a new threat intelligence source with json format in Enterprise Security ?

domaintools (whois) alternatives for Enterprise Security

How do I get the sessionKey from a Splunk app's serverside python code?

Substituting values from MV fields?

How to set up a SOC with Splunk ?

Splunk Enterprise Security and Splunk 6.5.2: When clicking "Event Actions" button within an expanded event, why do I receive "TypeError: message is undefined" error?

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions