Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Can Enterprise Security use search-head clustering?

Hi, We currently use Enterprise Security, with a single search-head. We'd like to move to using SHC (took a hit re...

by Champion in

Embed Field values in Title for a correlation search

Hi, In Splunk Enterprise Security, in order to embed field values in a title we need to use "$fieldname$" but in th...

by Communicator in

Add-on for Atlassian JIRA Service Desk alert action : Jira ticket creation from Splunk failed

Hi, i m getting the below error when i m trying to create a ticket from splunk. i m passing this value in custom fiel...

by Observer in

Splunk ES 6.1.1 asset_lookup_by_cidr not populated

We are validating our Splunk 6.1.1 ES installation and have noticed the "asset_lookup_by_cidr" kvstore based lookup d...

by Path Finder in

Getting a 500 internal server error when I attempt to run setup

When attempting to install the Rapid 7 TA 1.2.1, I am getting a 500 internal server error when I attempt to run setup...

by Observer in

Why am I receiving a '500 Internal server Error' when attempting to configure Rapid7 Nexpose Technology Add-On for Splunk?

splunkd logs: 04-17-2018 16:19:12.876 +0000 ERROR UserManagerPro - Failed to get LDAP user="nobody" from any configur...

by Explorer in

Intelligence Downloads

Hi Splunk Team! I recently received messages like the followinghow do i fix it Thanks!

by Path Finder in

connecting to license master from CLI

Hello, I'm installing a new splunk instance and need to connect it to our master license server. I used to do this ...

by Path Finder in

Error install ES 6.0 on splunk 8.0.4.1

Hii can not install ES 6.0 on SP 8.0.4.1it have error while it is post install i install splunk fresh install,i don...

by New Member in

Custom Adaptive Response Invocations Result Manuel

Hi, I create own custom adaptive response action. This adhoc action is worked. But, I don't use cim_action.py lib on ...

by Path Finder in

Throttling of ES Notable If A Notable Already Exists

Hi All, Can anyone suggest if we can throttle a correlation search if a notable is already in open state for same g...

by Explorer in

Search restrictions and tstats

Hello, I have a strange problem with the search restrictions and tstats case: a role has access to all non-interna...

by Path Finder in

Splunk Enterprise Security: Add a Filter to the Traffic Size Analysis Dashboard

I'd like to add a filter to the Traffic Size Analysis Dashboard. The filter I'd like to add is the "src_ip" field. Cu...

by Communicator in

ESS Admin Role unable to create correlation searches

I'm getting the following error while trying to save a correlation search as a user with the ess_admin role: There ...

by Path Finder in

Are there any disadvantages of installing Windows Infra app on the ES search head ?

Are there any disadvantages of installing Windows Infra app on the ES search head if the SH has 32Gb ram and 24 CPU ?

by Motivator in

List of all notable events with associated investigations

Hello, I am trying to build a report where I can list all the notable events with associated investigations. Th...

by New Member in

Ossec sent windows and linux logs are not correctly indexed

Hi all, I use splunk forwarder to read ossec alert logs and index them on splunk. I'm using all the latest versions. ...

by Explorer in

How to create multiple input-text box rows with "FormRows" & "add-row" button click ?

Hey All, I am working on UI piece and trying to figure out best way to create following UI component using splunk/r...

by Splunk Employee in

Reduce data model summaries

I have a data model that has grown quite large, over 7TB for Network Sessions. Its set to 3 months accelerated. I wan...

by Communicator in

Enteprise Security and notable events creation issue

Dear all I have an issue with a new dedicated Search Head for ES. My Splunk architecture is quite simple. 4 cluste...

by New Member in

Splunk Enterprise Security

Discussions

Can Enterprise Security use search-head clustering?

Embed Field values in Title for a correlation search

Add-on for Atlassian JIRA Service Desk alert action : Jira ticket creation from Splunk failed

Splunk ES 6.1.1 asset_lookup_by_cidr not populated

Getting a 500 internal server error when I attempt to run setup

Why am I receiving a '500 Internal server Error' when attempting to configure Rapid7 Nexpose Technology Add-On for Splunk?

Intelligence Downloads

connecting to license master from CLI

Error install ES 6.0 on splunk 8.0.4.1

Custom Adaptive Response Invocations Result Manuel

Throttling of ES Notable If A Notable Already Exists

Search restrictions and tstats

Splunk Enterprise Security: Add a Filter to the Traffic Size Analysis Dashboard

ESS Admin Role unable to create correlation searches

Are there any disadvantages of installing Windows Infra app on the ES search head ?

List of all notable events with associated investigations

Ossec sent windows and linux logs are not correctly indexed

How to create multiple input-text box rows with "FormRows" & "add-row" button click ?

Reduce data model summaries

Enteprise Security and notable events creation issue

Missed macro ec2_excessive_terminateinstances_mltk...

MITRE-ATTACK latest threat list can not be downloa...

Failing to add Threat Intelligence Feed to Splunk ...

Inline table not showing in Correlation Search Ema...

XFE app threat intelligence in Splunk