Splunk Enterprise Security

Discussions

Thread Info

Data model acceleration not sticking

Hi All, I'm not that familiar with DMA as I have not had any exposure really to setting up data models so far but a...

by Path Finder in

Logs are coming in Hex

We are testing a study on routing logs from an e-mail security product we have used to the SIEM environment. In this ...

by New Member in

Enteprise Security and notable events creation issue

Dear all I have an issue with a new dedicated Search Head for ES. My Splunk architecture is quite simple. 4 cluste...

by Engager in

How to setup Monitoring console for ES. What Health Check Item should be watched for. Thank u in advance.

What health check items would you configure for Ent. Security app. for general purpose of for Security watch purposes...

by Builder in

How do I access a list of Saved searches for different apps. To change their timing in ES? Any helpful SPLs ? Thank u

I need to access these saved searches & change their timing due to them conflicting / running at the same time so man...

by Builder in

Monitoring MS SQL logs from Windows Event viewer

Hi All, We need to integrate MS SQL logs with Splunk. The current default add-on supports logs via DB Connect but ...

by Path Finder in

How do I check my long list of Indexes for "good health". Making sure they are healthy & working?

I need to run a check on my Indexes making sure they are healthy. Where & how do I do it? Thank u very much in advanc...

by Builder in

how do i search for failed login attempts and lockouts

hello all I am fairly new to using Splunk and would like some help with searching for locked accounts and to Setup an...

by Engager in

Error when upgrading to Splunk Enterprise Security 6.0

Hi. I have some problems upgrading to Splunk ES 6.0. Normally I've just done the upgrade in the UI, no problem. Ho...

by Builder in

What Health Check items are recommended in Monitoring Console for ES. Thank u

I need to provide HA & better performance in MC for the Enterprise Console (ES) what health check items in MC or DMC ...

by Builder in

share job link

Hi, User needs a link which has the splunk qurery and results He wants to attach the link to already existing das...

by Builder in

tag=registry

Hi, I am forwarding sysmon logs to splunk, for normalization, I could see event ID : 12, 13, 14 are captured (Regis...

by Builder in

Getting error:0906D06C:PEM routines:PEM_read_bio:no start line after activating enableSplunkdSSL in server.conf

I have loaded a SSL Certificate on our development server (Splunk 8.1.4). I added the following to the server.conf fi...

by Communicator in

Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Renew

Hello my friends I had a problem for 2 days I am not allowed to search in Splank Thankful

by New Member in

How to correlate 4688 Process created and Logon 4624 events

Hi, Can someone help me in correlating 4688 Process created and Logon 4624 events? I tried using the Transaction ...

by New Member in

Integrate Data/Information from Splunk App

I want to integrate data from a Splunk App to the Vuln centre in Enterprise Security. Has anyone done this before?

by Explorer in

Search Notables for Open and Closure Times

Hi Everyone, I am trying to write a query that will allow me to use my notable_events table, display the time the n...

by New Member in

How to integrate email alerts into splunk

Hi, I want to integrate emails from particular DL into splunk and splunk should create alerts for that traffic.

by New Member in

Audit trail for investigations

An analyst adds a note to investigation. Another analyst from another shift delete this note.where is the audit trail...

by Communicator in

How to search by time using |rest command

I'm searching using the | rest command from search bar. Attempting to find saved searches that have been modified in ...

by Explorer in

Splunk Enterprise Security

Discussions

Data model acceleration not sticking

Logs are coming in Hex

Enteprise Security and notable events creation issue

How to setup Monitoring console for ES. What Health Check Item should be watched for. Thank u in advance.

How do I access a list of Saved searches for different apps. To change their timing in ES? Any helpful SPLs ? Thank u

Monitoring MS SQL logs from Windows Event viewer

How do I check my long list of Indexes for "good health". Making sure they are healthy & working?

how do i search for failed login attempts and lockouts

Error when upgrading to Splunk Enterprise Security 6.0

What Health Check items are recommended in Monitoring Console for ES. Thank u

share job link

tag=registry

Getting error:0906D06C:PEM routines:PEM_read_bio:no start line after activating enableSplunkdSSL in server.conf

Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Renew

How to correlate 4688 Process created and Logon 4624 events

Integrate Data/Information from Splunk App

Search Notables for Open and Closure Times

How to integrate email alerts into splunk

Audit trail for investigations

How to search by time using |rest command

Is it possible to make it mandatory to assign Disp...

Unable to open some correlation rules in Splunk en...

PCI Compliance- Why is Incident Review blank?

Create Notable Event Error (reading 'value')

Using relative_time to filter results before writi...