Splunk Enterprise Security

Community Activity

Why does Enterprise Security 3.0 not see the tags or field aliases properly in Splunk 6.0 or 6.1? I have Splunk Enterprise 6.1, I've had the same issue on 6.0, and Enterprise Security 3.0 running. I pull in a dataso... by chrishatfield21 Path Finder in Splunk Enterprise Security 04-29-2016 0 1	0	1
Are Splunk Enterprise Security and Splunk User Behavior Analytics (Splunk UBA) totally independent apps? Hi, Is Splunk Enterprise Security and Splunk User Behavior Analytics (Splunk UBA) totally independent apps? Do they... by otan1010 Explorer in Splunk Enterprise Security 04-25-2016 1 1	1	1
Splunk Enterprise Security 4.x app questions We've provided some background info to go with the questions as they relate to the Splunk Enterprise Security 4.x app... by joshfu New Member in Splunk Enterprise Security 04-22-2016 0 3	0	3
Does anyone have test data that can fire off various correlation searches for notable events in Splunk Enterprise Security? Hi, Does anyone in the community have test data that can fire off various Correlation Searches for Notable Events in... by mvrider Engager in Splunk Enterprise Security 04-21-2016 1 1	1	1
Splunk Enterprise Security: Some dashboards are populated with data, but why not the Threat Activity dashboard? The treat activity dashboard won't populate in the Splunk Enterprise Security app, although other dashboards (not all... by Fraankiiie Engager in Splunk Enterprise Security 04-21-2016 0 7	0	7
ES Security App: Multi-line header is missing matching quotation, or could not parse CSV header I have recurring warnings in splunkd logs with multi-line header is missing matching quotation, or could not parse C... by neelamsantosh Path Finder in Splunk Enterprise Security 04-19-2016 0 4	0	4
Should the Splunk App for ES Health Check be installed prior to installing Splunk Enterprise Security? Should the Splunk App for ES Health Check be installed prior to Splunk Enterprise Security being installed? Can it ... by ryanoconnor Builder in Splunk Enterprise Security 04-15-2016 0 1	0	1
Splunk Enterprise Security 4.0.1: How to import TAXII Observables defined Using Cybox Regex Syntax? I'm running Splunk Enterprise Security 4.0.1, and trying to import and match against Observables defined using Cybox ... by johnmccash Explorer in Splunk Enterprise Security 04-15-2016 1 5	1	5
How do I export Enterprise Security (ES) investigations as a PDF or report? I'm doing research inside of Splunk Enterprise Security, and I'm tagging events into the timeline. I've gone into the... by ccrider New Member in Splunk Enterprise Security 04-14-2016 0 2	0	2
Splunk Enterprise Security: Is it possible to automate assignment of notable events to groups? Is it possible to automate assignment of notable events to groups? For example, if a new notable event is triggered,... by rahul130191 New Member in Splunk Enterprise Security 04-14-2016 0 1	0	1
How to integrate ModSecurity events to Splunk Enterprise Security? Hi, I need to make events I am receiving from a Modsecurity available and formatted for Splunk Enterprise Security. ... by noybin Communicator in Splunk Enterprise Security 04-12-2016 0 6	0	6
Does Enterprise Security automatically re-enable data model acceleration? I'm trying to disable acceleration on a data model that's consuming a massive amount of memory on the indexers. All ... by Lowell Super Champion in Splunk Enterprise Security 04-12-2016 3 2	3	2
Enterprise Security Incident Review - link to other dashboard Hi Splunkers, I want to customize the Enterprise Security Incident Review dashboard to include a link to another das... by DMohn Motivator in Splunk Enterprise Security 04-07-2016 1 6	1	6
Why is the Splunk_TA_paloalto missing from the install directory for Splunk Enterprise Security 4.1.0? The Splunk_TA_paloalto is missing from the SplunkEnterpriseSecuritySuite/install directory for Splunk Enterprise Secu... by jwiedow Communicator in Splunk Enterprise Security 04-06-2016 0 4	0	4
Can we use Splunk IT Service Intelligence as an Event Management Layer between Splunk and a "Tickets System"? Hi to everyone I need to add an "Event Management software layer", between Splunk and a "Tickets System" ( a "Event ... by rubeniturrieta Communicator in Splunk Enterprise Security 04-06-2016 0 1	0	1
Any tips to quickly learn an existing Splunk setup? I am new to Splunk and so far I find that the real difficulty is not learning Splunk itself but understanding my orga... by gabriel_vasseur Contributor in Splunk Enterprise Security 04-06-2016 0 2	0	2
Is there documentation on best practice for which inputs to enable for Splunk add-on for Unix/Linux? This is for an ES use case. by kbrown_splunk Splunk Employee in Splunk Enterprise Security 04-04-2016 0 4	0	4
How to use a certain field as IP to correlate with Splunk Enterprise Security threat intelligence sources? I have included in my installation Sophos Virtual Email Appliance logs. The logs include the originating IP with fiel... by andresito123 Communicator in Splunk Enterprise Security 04-04-2016 0 3	0	3
Splunk Enterprise Security: How to configure datamodel_summary effectively for performance? We are using datamodel_summary heavily for Splunk Enterprise Security and its quite slow in datamodel acceleration. A... by koshyk Super Champion in Splunk Enterprise Security 04-04-2016 1 6	1	6
can we use the Vormetric Security Intelligence app for splunk 6.3.x ? can we use the Vormetric Security Intelligence app for splunk 6.3.x ? I don't see any updates since 2013. by nmohammed Builder in Splunk Enterprise Security 03-29-2016 0 2	0	2
Exclude index from ES dataset Hi, we are currently adding data sources to our Splunk environment. We try our best to make it CIM compliant. We h... by chris Motivator in Splunk Enterprise Security 03-29-2016 0 2	0	2
Search Head Pooling v. Search Head Clustering If i am running Splunnk 6.2.x and ES 3.x using search head pooling, and I upgrade to Splunk 6.3.1 and ES 4.0.1 using ... by hberkis New Member in Splunk Enterprise Security 03-28-2016 0 5	0	5
Are there specific types of indicators and observables in STIX that the Splunk App for Enterprise Security 3.3 looks for? I can't seem to make Splunk ES 3.3 ingest the XML files I get from the government. Naturally, I cannot divulge the de... by madcitygeek Explorer in Splunk Enterprise Security 03-25-2016 4 7	4	7
count/ subtotal for stats values. Hi, We have a query that brings up the sourcetypes in correlated search using "tstats" Example: tsats datamodel xyz ... by shivarpith Path Finder in Splunk Enterprise Security 03-21-2016 0 2	0	2
Splunk won't be accessible after installing Enterprise Security Hello, I installed Enterprise Security 4.0.2 on Windows 2012 R2. After intsalling the ES, splunk became unresponsive... by tkomatsubara_sp Splunk Employee in Splunk Enterprise Security 03-16-2016 0 1	0	1

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them. As ...

Index This | What has goals but no motivation?

June 2026 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Splunk Enterprise Security

Why does Enterprise Security 3.0 not see the tags or field aliases properly in Splunk 6.0 or 6.1?

Are Splunk Enterprise Security and Splunk User Behavior Analytics (Splunk UBA) totally independent apps?

Splunk Enterprise Security 4.x app questions

Does anyone have test data that can fire off various correlation searches for notable events in Splunk Enterprise Security?

Splunk Enterprise Security: Some dashboards are populated with data, but why not the Threat Activity dashboard?

ES Security App: Multi-line header is missing matching quotation, or could not parse CSV header

Should the Splunk App for ES Health Check be installed prior to installing Splunk Enterprise Security?

Splunk Enterprise Security 4.0.1: How to import TAXII Observables defined Using Cybox Regex Syntax?

How do I export Enterprise Security (ES) investigations as a PDF or report?

Splunk Enterprise Security: Is it possible to automate assignment of notable events to groups?

How to integrate ModSecurity events to Splunk Enterprise Security?

Does Enterprise Security automatically re-enable data model acceleration?

Enterprise Security Incident Review - link to other dashboard

Why is the Splunk_TA_paloalto missing from the install directory for Splunk Enterprise Security 4.1.0?

Can we use Splunk IT Service Intelligence as an Event Management Layer between Splunk and a "Tickets System"?

Any tips to quickly learn an existing Splunk setup?

Is there documentation on best practice for which inputs to enable for Splunk add-on for Unix/Linux?

How to use a certain field as IP to correlate with Splunk Enterprise Security threat intelligence sources?

Splunk Enterprise Security: How to configure datamodel_summary effectively for performance?

can we use the Vormetric Security Intelligence app for splunk 6.3.x ?

Exclude index from ES dataset

Search Head Pooling v. Search Head Clustering

Are there specific types of indicators and observables in STIX that the Splunk App for Enterprise Security 3.3 looks for?

count/ subtotal for stats values.

Splunk won't be accessible after installing Enterprise Security

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

Index This | What has goals but no motivation?

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

any suggested template for ES dashboards KPI

Splunk Add-on for ServiceNow Endpoint Configuratio...

Splunk enterprise security export content in SHC t...

add enrichment in splunk ES8

mc_investigations data is not populated - ES 8.3

Splunk Enterprise Security

Join the Conversation