Thread Info | |||||
---|---|---|---|---|---|
Hi
The notable event for a user lockout correlation search is showing urgency as "Unknown", I tried changing it t...
by
kiran331
Builder
in
Splunk Enterprise Security
07-13-2016
|
0
|
1
| |||
I'm creating correlation searches from scratch in the latest version of ES. The search results include fields that do...
by
PrinceOfEval
Path Finder
in
Splunk Enterprise Security
11-07-2014
|
7
|
5
| |||
Hey Splunkers,
Question about notable events. I know how to modify a correlation drill-down searches (and pass tok...
by
joshuamcqueen
Path Finder
in
Splunk Enterprise Security
10-20-2014
|
7
|
2
| |||
Hi,
I am implementing the Splunk Enterprise Security app. I have DNS logs which are in Solaris. I went through the...
by
rishrai
New Member
in
Splunk Enterprise Security
07-06-2016
|
0
|
1
| |||
We recently upgraded our Splunk installation from 6.1.6 to 6.4.1. As part of the follow-up work around this we needed ...
by
mux
Explorer
in
Splunk Enterprise Security
07-05-2016
|
0
|
6
| |||
Hi,
I am planning to install ES in my environment. I have 3 indexers, 1 master node, 1 deployment server. Currentl...
by
himapate
Explorer
in
Splunk Enterprise Security
07-01-2016
|
0
|
2
| |||
Is it possible to add the risk scores to the notable events listed in Incident Review?
I think it's possible to ac...
by
sheamus69
Communicator
in
Splunk Enterprise Security
05-25-2016
|
0
|
2
| |||
I am doing an upgrade of Enterprise Security from 3.3.1 to 4.0 through the GUI. I installed the app by providing it t...
by
fairje
Communicator
in
Splunk Enterprise Security
11-04-2015
|
0
|
10
| |||
Hello
In Enterprise Security, there is the option to run a script as a follow on action to a notable event. Is it ...
by
gary_richardson
Path Finder
in
Splunk Enterprise Security
06-20-2016
|
0
|
3
| |||
Hello everyone,
There is extensive documentation on what fields need to exist in order for a data source to fit in...
by
j4adam
Communicator
in
Splunk Enterprise Security
06-09-2016
|
1
|
2
| |||
Some users reported that the investigations functionality is not available for them in the Enterprise Security app. W...
by
szabados
Communicator
in
Splunk Enterprise Security
06-09-2016
|
0
|
1
| |||
Hi,
We have Linux Audit log data coming in via OSSEC into Splunk. For this data, source is set to /var/ossec/logs/...
by
att35
Builder
in
Splunk Enterprise Security
06-02-2016
|
0
|
11
| |||
Hi all,
I wrote this search that shows me when certain SSIDs are matched.
sourcetype=rogap SSID="*skynet*" OR ...
by
splunk_cv
Explorer
in
Splunk Enterprise Security
06-01-2016
|
0
|
5
| |||
After configuring the proxy settings for downloading the Splunk for Enterprise Security Intelligence Source data, I a...
by
trross33
Path Finder
in
Splunk Enterprise Security
10-16-2015
|
0
|
1
| |||
So this is the pre-configured correlation search called "substantial increase in port activity". I'd like to tweak it...
by
echojacques
Builder
in
Splunk Enterprise Security
08-27-2013
|
0
|
5
| |||
Is there anything different when running a lookup on data returned by a pivot compared to the same lookup running on ...
by
dragoslungu
Explorer
in
Splunk Enterprise Security
07-21-2014
|
4
|
1
| |||
Hi, Splunkers
We have a single instance as an Indexer, Search head, and Splunk Enterprise Security (32Gb RAM, 16 vC...
by
evelenke
Contributor
in
Splunk Enterprise Security
05-16-2016
|
1
|
4
| |||
I get this error every hour at my installation:
msg="A script exited abnormally" input="./bin/scripted_inputs...
by
andresito123
Communicator
in
Splunk Enterprise Security
05-23-2016
|
0
|
2
| |||
Hi,
I'm in the process of tuning our risk scores, as applied to objects (users or assets) from a correlation searc...
by
sheamus69
Communicator
in
Splunk Enterprise Security
05-18-2016
|
0
|
3
| |||
Hi All,
I am just posting a solution to an issue I have had with two upgrades for Splunk Enterprise Security. Firs...
by
domenico_perre
Path Finder
in
Splunk Enterprise Security
05-12-2016
|
0
|
1
|