Splunk Enterprise Security

Discussions

Thread Info

Getting errors messages Health Check: msg="A script exited abnormally with exit status:1" input="../configuration_chekc.py" after upgrading from Splunk Enterprise Security 5.1.1 to 6.1.0

We have upgraded Splunk Enterprise recently to 8.0.2.1 and all the apps in our environment to the latest version. One...

by Observer in

LDAP Search= Command

How do you use the search= command with lpdasearch or lpdafilter? I seen examples where they are using search="(objec...

by New Member in

Is it possible to filter data coming through Elasticsearch Modular Input without changing the configuration or data indices on ES?

Hi All, I have enabled the Modular Input for Elasticsearch(ES) and I am able to get in the data. My sample data is...

by Explorer in

Compare today's values to the week's median without join

Hello there, I'm have a search that get the events atributed to "N" number of users, and I would like to compare t...

by Engager in

CBResponse app compatibility plans for Splunk 8.x?

Will the CB Response app be compatible with Splunk 8.x anytime soon? Or does anyone have a workaround for errors that...

by Explorer in

ignore timestamp greater than 2 days

two time fields per event: _time (default eventfield for Splunk) occurtime (timestamp within body of event) I only...

by New Member in

Title in Email from Correlation Search

I have looked at the SPLUNK documentation (https://docs.splunk.com/Documentation/Splunk/7.2.9/Alert/EmailNotification...

by Contributor in

Is it advisable to implement Splunk ES using SmartStore in a 2-site configuration?

According to https://docs.splunk.com/Documentation/Splunk/8.0.3/Indexer/AboutSmartStore#CurrentrestrictionsonSmartSto...

by New Member in

how to check the retention SET time that data are being deleted using CLI and query into splunk?

Hello All, Hope You're well. how to check the retention SET time that data are being deleted using CLI and query i...

by Explorer in

Why I need to backup Indexes,Configuration files etc..

Hi Splunkers, I have a concern where splunk says "If you use a .tar file, expand it into the same directory with t...

by Explorer in

With regards to PeriodicHealthReporter, what constitutes a "Delayed Search"

Since performing a recent upgrade, SPlunk is constantly reporting (in Health Status) that the Searches Delayed is abo...

by Path Finder in

Anyone using F5 GTM's and using the logs for anything?

We have an idea to use the logs from these systems for DDOS detections. Was wondering if anyone has props\transfers t...

by Explorer in

Invalid account error when trying to access ES Sandbox instance URL?

Hi, I just tried to deploy a Splunk ES Sandbox and also registered a new account at the same time. The flow was ro...

by Engager in

Network data statics dashboard

Hello, I have request to collect all network data based allowed denyed and dropped traffic info from various netw...

by Path Finder in

How to use time range from time picker in dashboard search?

I just added a time picker to one of my dashboards. One of the panels in this dashboard is showing "new" vulnerabilit...

by Path Finder in

How to tune this search for detection of DNS tunnels rule

I need help on how I can tune the search below. It creates too much noise. I will like to know what steps I can use t...

by New Member in

Getting mutiple issues when enabling ssl on Splunk web with 3rd party certs with requiredClientCert = true

Hi All, I want enable mTLS in splunk cluster on all the communication channels. I have peer certificate that works...

by Path Finder in

I know Splunk doesn't have an official Data Model for Containers, does anyone have one that they are using?

I don't know if data model:Containers are on Splunk's road map. or if there's a official data model that supports the...

by New Member in

i want to write regular expression with the field i have a field called "file_name"

i have a field name is file_name in that field value is there ex: file_name= Operating System-Linux-Server-Support...

by New Member in

How to search for brute force logins coming from an external source only?

Guys, I am trying to specifically see if I can distinguish when the login attempts are coming from an external source...

by New Member in

Splunk Enterprise Security

Discussions

Getting errors messages Health Check: msg="A script exited abnormally with exit status:1" input="../configuration_chekc.py" after upgrading from Splunk Enterprise Security 5.1.1 to 6.1.0

LDAP Search= Command

Is it possible to filter data coming through Elasticsearch Modular Input without changing the configuration or data indices on ES?

Compare today's values to the week's median without join

CBResponse app compatibility plans for Splunk 8.x?

ignore timestamp greater than 2 days

Title in Email from Correlation Search

Is it advisable to implement Splunk ES using SmartStore in a 2-site configuration?

how to check the retention SET time that data are being deleted using CLI and query into splunk?

Why I need to backup Indexes,Configuration files etc..

With regards to PeriodicHealthReporter, what constitutes a "Delayed Search"

Anyone using F5 GTM's and using the logs for anything?

Invalid account error when trying to access ES Sandbox instance URL?

Network data statics dashboard

How to use time range from time picker in dashboard search?

How to tune this search for detection of DNS tunnels rule

Getting mutiple issues when enabling ssl on Splunk web with 3rd party certs with requiredClientCert = true

I know Splunk doesn't have an official Data Model for Containers, does anyone have one that they are using?

i want to write regular expression with the field i have a field called "file_name"

How to search for brute force logins coming from an external source only?

Splunk ES on version 7.3.3: How to get consistent ...

Is there an easy way to configure HTTP proxy for A...

Splunk App and Add-on for Amazon Web Services: Log...

Splunk Security Essentials not showing ESCU conten...

Threat intelligence framework