Splunk Enterprise Security

Community Activity
We have Splunk Enterprise Security (ES) Search Head (SH) which is reporting duplicate events even though those events...
by mipeters_splunk Splunk Employee in Splunk Enterprise Security 06-02-2017
0 4
I read the blog post that Splunk put out on WannaCry over the weekend which was really helpful to detect some of thos...
by bpatel_splunk Splunk Employee in Splunk Enterprise Security 06-02-2017
1 1
upgraded Splunk Enterprise Security (ES) from v4.5.2 and after restarting Splunk and navigating to the ES app, we rec...
by cdo_splunk Splunk Employee in Splunk Enterprise Security 05-30-2017
0 1
I've been told that "Best Practices" (one of my least favorite terms) is to leave Splunk Enterprise Security (ES) on ...
by DavisLee New Member in Splunk Enterprise Security 05-30-2017
0 4
Hey Splunkers, Our security team really likes the Identity Investigator dashboard. Only thing is -- it would be GREA...
by joshuamcqueen Path Finder in Splunk Enterprise Security 05-30-2017
1 4
I am trying to create a rule with 2 information "Expected Host Not Reporting" & "Network Device Interface Down" I w...
by sumanssah Communicator in Splunk Enterprise Security 05-26-2017
0 1
I am planning out the first upgrade of Splunk Enterprise Security (Splunk ES) and am working out how. When we instal...
by chrisbennett New Member in Splunk Enterprise Security 05-25-2017
0 1
Hello, I have a client who is insisting on building an on-prem Splunk environment with Windows Servers. Can someone...
by jgorman_THG Explorer in Splunk Enterprise Security 05-25-2017
0 1
Hello, I'm troubleshooting an error I get with SA-ThreatIntelligence in ES: in Data inputs » Threat Lists, I have se...
by fabiob Explorer in Splunk Enterprise Security 05-23-2017
1 2
Hi All, I am working on developing a search in Splunk Enterprise Security that will reference a lookup table named ...
by hmrabet New Member in Splunk Enterprise Security 05-23-2017
0 5
Hi Splunkers, I would like to know how to use threat feed which I have added using threat intelligence downloads in ...
by thambisetty_bal Path Finder in Splunk Enterprise Security 05-14-2017
2 7
We have observed yesterday that there was around 90+% of indexing queue on our indexers. This resulted in failed con...
by vr2312 Builder in Splunk Enterprise Security 05-11-2017
0 5
I recently removed the default "admin" account and am now finding that the Key Indicators no longer work. Are these r...
by LukeMurphey Champion in Splunk Enterprise Security 05-09-2017
0 1
Apparently I need the app to be able to use its Panorama integration. But I don't think that I need the 100+GB of i...
by MonkeyK Builder in Splunk Enterprise Security 05-09-2017
0 5
We had an outage of 2 hours for all Enterprise Security Search Heads. During this period, we missed few notables to "...
by koshyk Super Champion in Splunk Enterprise Security 05-07-2017
0 2
I have a simple search index=myIndex sourcetype=mySourcetype If I run the search in the Splunk Enterprise Security...
by jwhughes58 Contributor in Splunk Enterprise Security 05-01-2017
0 2
We are taking in infoblox logs via syslog and are getting inconsistent results. We have a clustered environment. Th...
by panovattack Communicator in Splunk Enterprise Security 05-01-2017
0 3
We use Splunk Enterprise Security (which uses SA-DomainTools) for whois. Our API license and key is therefore alread...
by panovattack Communicator in Splunk Enterprise Security 04-27-2017
0 6
I'm trying to write a search to highlight users that have caused multiple notables over time. Using the search below,...
by kmcaloon Explorer in Splunk Enterprise Security 04-26-2017
0 3
We want to generate a CSR file for sharing with the internal certificate authority do we have any document or steps i...
by vikram_m Path Finder in Splunk Enterprise Security 04-26-2017
0 1
Since I upgraded Splunk Enterprise to 5.5.3 and installed Enterprise Security app, I am getting following error conti...
by Prakhar_shukla Path Finder in Splunk Enterprise Security 04-26-2017
0 8
I have created one correlation search and updated the details for the notable event. But my correlation search is not...
by vin02 Path Finder in Splunk Enterprise Security 04-26-2017
1 3
I have installed Splunk ES in SH cluster and search head as mentioned in docs. I have also installed add-on in which ...
by Prakhar_shukla Path Finder in Splunk Enterprise Security 04-26-2017
0 2
If I buy a Splunk 10GB license, will I get the Splunk Enterprise Security App complimentary?
by vatsal1511 Explorer in Splunk Enterprise Security 04-25-2017
0 4
Hi team, We are in Enterprise Security I cleared one of the default Glass Table by mistake. Is there a way to rest...
by season88481 Contributor in Splunk Enterprise Security 04-24-2017
0 1