Splunk Enterprise Security

Community Activity
l00111533
Is there a way to audit trail to the correlation search edit? Finding out who and when and what has been changed to th...
by l00111533 New Member in Splunk Enterprise Security 02-10-2023
omri_p
I have created several dashboards containing high numbers (millions or thousands). In the dashboard I would like the re...
by omri_p Engager in Splunk Enterprise Security 02-09-2023
manojannabathin
How can I create notable events alert if any of correlation searches is getting skipped?
by manojannabathin Loves-to-Learn Everything in Splunk Enterprise Security 02-03-2023
machfivejohnnyf
I am having an issue where the Identity Center in Splunk ES is not fully populating, more specifically the endDate of...
by machfivejohnnyf Engager in Splunk Enterprise Security 02-02-2023
jamesjung01
Is it possible to Splunk 6 version to version 9 rolling upgrade?
by jamesjung01 Explorer in Splunk Enterprise Security 02-02-2023
sh_bolatbekov
Hello! We need to implement architecture ES Splunk to 400 GB in clustering (SH, IDX). How we should to count numbers o...
by sh_bolatbekov New Member in Splunk Enterprise Security 01-31-2023
gcusello
Hi at all, I'm configuring Enterprise Security but I found an unattended issue: I'm trying to use the Maps feature asso...
by gcusello SplunkTrust in Splunk Enterprise Security 01-29-2023
lucas4394
Hi all, Does anyone know how to get the file size of a lookup file from Splunk search? thanks.
by lucas4394 Path Finder in Splunk Enterprise Security 01-26-2023
ismailawan
We use the Splunk search endpoint to get notable events using the search endpoint services/search/jobs search=search `n...
by ismailawan Engager in Splunk Enterprise Security 01-26-2023
itsme938
Anyone have a search for Mean Time to Triage for specific urgency (high or critical)? I'm having no luck trying to m...
by itsme938 Splunk Employee in Splunk Enterprise Security 01-24-2023
SamHTexas
Please help me with an SPL to locate Corr. searches that are in trouble, not working right. For example missing a ma...
by SamHTexas Builder in Splunk Enterprise Security 01-24-2023
MarkusM
Hi, I am facing a strange issue on a SIEM Installation (Splunk 9.0.2 / ES 7.0.1) in regards to multisearch which is u...
by MarkusM Loves-to-Learn in Splunk Enterprise Security 01-18-2023
llee_splunk
How do I edit the time frame/window for a default key indicator (e.g. VULNS PER SYSTEM found in the Vulnerability Cen...
by llee_splunk Splunk Employee in Splunk Enterprise Security 01-17-2023
Gregski11
Splunk 9.0.0 on Windows servers  So I clicked on Apps \ Enterprise Security and I was greeted with that error App con...
by Gregski11 Contributor in Splunk Enterprise Security 01-14-2023
Matilda
Hi! I want to know if it is possible to get duplicated ingestion of logs between Splunk Enterprise and Splunk enterprise...
by Matilda Explorer in Splunk Enterprise Security 01-12-2023
user2020dy
Hello! I am experiencing troubles with analyzing Threat Intelligence data in Enterprise Security. When I go to Securi...
by user2020dy Path Finder in Splunk Enterprise Security 01-11-2023
MagicVisitor
Hi, I am trying to extract a new field to spot unauthorised certificate usage on a server. Under event ID 4768, the...
by MagicVisitor New Member in Splunk Enterprise Security 01-08-2023
RickvdIJ
Hi all, Within Splunk ES I've configured a test threat intelligence feed with the following settings: New > Line orie...
by RickvdIJ Explorer in Splunk Enterprise Security 01-06-2023
creiglow
In the documentation at https://docs.splunk.com/Documentation/ES/7.0.2/Admin/Changethreatintel under  Review the logi...
by creiglow Explorer in Splunk Enterprise Security 01-06-2023
k115
Hi Team, I am working on web application firewall related use case, I wanna find out top targeted domain on my domain....
by k115 Engager in Splunk Enterprise Security 01-06-2023
vpsmax1
Hello. Using the eval function, trying to add a new field to the Change data model.  When I try to add the new field ...
by vpsmax1 Loves-to-Learn in Splunk Enterprise Security 01-06-2023
hperez
Hello, Where can I view notable alert suppression entries in ES? I'm looking for a way to not only audit these entrie...
by hperez Explorer in Splunk Enterprise Security 01-06-2023
balu1211
Hi, I have created an advance threat protection incidents Correlation Search which is generating notable events ho...
by balu1211 Path Finder in Splunk Enterprise Security 01-06-2023
sekhar463
Hello experts, I am trying to integrate Salesforce cloud modules into Splunk for security monitoring. Does anyone ha...
by sekhar463 Path Finder in Splunk Enterprise Security 01-06-2023
rajwdc
We are configuring salesforce splunk integration in our salesforce sandbox. We followed the documentation provided by...
by rajwdc New Member in Splunk Enterprise Security 01-06-2023