Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Identies question

Hello, I've set up an identity lookup using ldapsearch - it creates an identity of "username" that contains various...

by Explorer in

Splunk Enterprise Security: Issue found in "SA-IdentityManagement" : Identity - Asset CIDR Matches - Lookup Gen

Hello, We have issues to merge our dhcp_asset_list (made of dns record, mac and ip address) into the Asset & Ident...

by Path Finder in

threat intelligence upload not working too

i get this error when upload a csv file with 2 column that included id number and maliciuos domain but when i go to t...

by Path Finder in

Threat intelligence issue

After reviewing the Intelligence Audit Events, the following error message shows up, it seems that the feed cannot wr...

by Loves-to-Learn Lots in

Splunk Security Essentials

I've downloaded the splunk security essential files all into my laptop, but I can't figure out how to upload into int...

by New Member in

need spl into datamodel search

Hi,Need below search into a web datmodel search index=es_web action=blocked host= * sourcetype= *| stats count by cat...

by Builder in

Need changes to the datamodel search

Hi, I aimed to merge the "dropped" and "blocked" values under the "IDS_Attacks.action" field in the output of the d...

by Builder in

Reduce the noise out of Security EventCodes..

Hi,I'm trying to reduce the noise out of these EventCodes which we can exclude in the enterprise security point of vi...

by Builder in

How to create query for showing when was a Notable alert assigned and calculate SLA based off that?

Hi, I need to report on when a Notable alert was changed from the default "unassigned" status to " Acknowledged" stat...

by Builder in

Splunk Enterprise Security Devices support

Dears How to find out what Devices (Switch, Router, etc.), operating systems (Windows, linux, MacOs, etc.), applica...

by Observer in

Developing reliable searches dealing with events indexing delay

Hello everyone, I am concerned about single-event-match (e.g. observable-based) searches and the eventual indexing ...

by Explorer in

Endpoint Correlation Searches.

We are in the process of deploying our endpoint logging strategy. Right now, we are using CrowdStrike as our EDR. As ...

by Explorer in

Adding Additional fields to notable events

I am pretty new to ES correlation seraches and I am trying to figure out how to add additionals fields to notable eve...

by Explorer in

Splunk Enterprise Security - permissions issue

A user is unable to access investigations in Enterprise Security (version ES 7.1.1) on Splunk Cloud (Splunk 9.0.2) . ...

by Explorer in

接入日志的最大数量

想了解下，SPlunk 单台服务器，最多可以接入多大的数据量 ，可以给工

by New Member in

Risk Analysis Dashboard - Risk Modifiers by Annotations

Hello: I recently started playing with the Risk framework, RBA etc. Most of my Risk Analysis dashboard is working w...

by Path Finder in

How to enrich notable events in ES?

Hello all, We are wanting to enrich events as they become notables in ES before they are sent onto Mission contro...

by Loves-to-Learn in

Splunk Enterprise Security Install Error In Deployer

Hi community Splunk, I have a issus when install Splunk Enterprise Security in Deployer. I have Splunk enviroment, it...

by New Member in

metric event is not properly structured issue in my SH !

HiI'm seeing an error message in my es search head, How we can sort out this issue Search peer idx-xxx.com has the fo...

by Builder in

Is it possible to move Splunk Security Essentials Bookmark to Enterprise Security Search Head?

Hi Splunkers, We have a ton of bookmarked content in Splunk Security Essentials App on one of our Dev Splunk searc...

by Communicator in

Splunk Security Essentials and ES Integration

Hello everyone, I am trying to enable some basic detections that found from the Splunk Security Essentials app. We ...

by Explorer in

incident_review migration to new splunk enterprise security (SH cluster)

I have an old stand alone search head with Enterprise security and I'm migrating to a new search head cluster. Now ...

by New Member in

What is the retention period for summaries generated by Data Models?

We have activated several data models for use with Splunk Enterprise security scenarios and are interested in clarify...

by Explorer in

How to send only not suppressed notable from Splunk to SOAR

Hi, we are using Splunk ES with notable events and suppressions. For sake of completeness, we have alerts that prod...

by Path Finder in

how to make a bar graph showing quantity closed notable events based on last modified time in a time range of 12 hours?

I would like a search query that would display a graph with the number of closed notables divided by urgency in the l...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Identies question

Splunk Enterprise Security: Issue found in "SA-IdentityManagement" : Identity - Asset CIDR Matches - Lookup Gen

threat intelligence upload not working too

Threat intelligence issue

Splunk Security Essentials

need spl into datamodel search

Need changes to the datamodel search

Reduce the noise out of Security EventCodes..

How to create query for showing when was a Notable alert assigned and calculate SLA based off that?

Splunk Enterprise Security Devices support

Developing reliable searches dealing with events indexing delay

Endpoint Correlation Searches.

Adding Additional fields to notable events

Splunk Enterprise Security - permissions issue

接入日志的最大数量

Risk Analysis Dashboard - Risk Modifiers by Annotations

How to enrich notable events in ES?

Splunk Enterprise Security Install Error In Deployer

metric event is not properly structured issue in my SH !

Is it possible to move Splunk Security Essentials Bookmark to Enterprise Security Search Head?

Splunk Security Essentials and ES Integration

incident_review migration to new splunk enterprise security (SH cluster)

What is the retention period for summaries generated by Data Models?

How to send only not suppressed notable from Splunk to SOAR

how to make a bar graph showing quantity closed notable events based on last modified time in a time range of 12 hours?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Sendalert risk does not populate source_guid / sou...

Asset Identity Framework subnet does not match ip-...

Palo Alto apps and add-ons for splunk

Dashboard PNG schedule export setting is not viewa...

Incident_updates_lookup not updating urgency and r...

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions