Splunk Enterprise Security

Community Activity
msalghamdi
Hello Splunkers. How can I add the disposition chart in Splunk Mission Control/Incident Review? as there are only the...
by msalghamdi Path Finder in Splunk Enterprise Security 12-02-2025
0 0
dsofoulis
I would like to have an investigation created with a notable event recorded in there using the API. I've been trying t...
by dsofoulis Path Finder in Splunk Enterprise Security 12-01-2025
0 5
Najm
How utilized training unit to take exam voucher because already sent email to certificate@splunk.com but still not ...
by Najm Engager in Splunk Enterprise Security 11-29-2025
0 5
nooproblems
On Splunk ES I’m having an issue with the rule “Windows SQL Server xp_cmdshell Config Change” (https://research.splun...
by nooproblems New Member in Splunk Enterprise Security 11-27-2025
0 1
jacqu3sy
Hi, What's the correct syntax to use when trying to return results where two fields DO NOT match? Trying the followi...
by jacqu3sy Path Finder in Splunk Enterprise Security 11-26-2025
0 6
Dima
Hello, Up until Splunk ES 8.1 Splunk ES has an option to update notable event using following API: https://help.splunk...
by Dima Explorer in Splunk Enterprise Security 11-26-2025
1 5
ljvc
Hi there, we're currently migrating to ES 8 and need to see Work Notes (comments) provided by analysts in some dashboa...
by ljvc Explorer in Splunk Enterprise Security 11-21-2025
0 10
maheshnc
Hello, we have a DMC configured on Splunk Licence Master, I need to enable all the critical resource utilization aler...
by maheshnc Path Finder in Splunk Enterprise Security 11-18-2025
0 8
cha_18
I am trying to update a detections config in ES via API with a bash script. All of the below is working and updating t...
by cha_18 Engager in Splunk Enterprise Security 11-10-2025
0 1
hl
Hello, Current setup is Palo Alto firewall and using SC4S (Splunk Connect for Syslog), so far getting all logs fo...
by hl Path Finder in Splunk Enterprise Security 11-08-2025
0 1
torgynnurlankul
I'm experiencing a status synchronization issue in Splunk Enterprise Security 8.3.2 where the notable event status di...
by torgynnurlankul New Member in Splunk Enterprise Security 11-05-2025
0 2
st1
I'm trying to set up an open-source SOAR tool and need to get the results of a correlation search from Splunk. Using ...
by st1 Path Finder in Splunk Enterprise Security 11-03-2025
0 3
lyonheart14
What is best practice when ingesting Defender XDR Incidents and/or Alerts and using them for notables in Splunk ES? ...
by lyonheart14 New Member in Splunk Enterprise Security 10-30-2025
0 0
Dima
There is the finding API in ES 8.2: https://help.splunk.com/en/splunk-enterprise-security-8/api-reference/8.2/splunk-...
by Dima Explorer in Splunk Enterprise Security 10-28-2025
0 0
tuongpx
Hello Splunk Community, I would like to request clarification regarding Splunk Enterprise Security (ES) capabilities i...
by tuongpx New Member in Splunk Enterprise Security 10-21-2025
0 0
Elbald97
Hi, I am trying to upgrade my ES app to 8.1.1 but when I try to upload I have issue: Upload failed: Package is too la...
by Elbald97 Explorer in Splunk Enterprise Security 10-21-2025
0 8
koshyk
We have automation to insert /saved/searches endpoint and all is good. Also currently have quite a lot of custom Splunk...
by koshyk Super Champion in Splunk Enterprise Security 10-21-2025
0 4
salohiddin
I want to clarify how licensing works between Splunk Enterprise and Splunk Enterprise Security (ES). If an organizatio...
by salohiddin Explorer in Splunk Enterprise Security 10-19-2025
0 2
ralphsteen
Is there a Special Log In for Veterans Workforce Program? Am I currently signed in as a regular user? I signed up f...
by ralphsteen New Member in Splunk Enterprise Security 10-18-2025
0 3
afx
After upgrading from 9.4.3 to 10.0.1 I run into the following TLS errors from mongod.log: 2025-10-16T08:59:56.224Z I NE...
by afx Contributor in Splunk Enterprise Security 10-16-2025
0 0
antoniomarongiu
I’m running into an unexpected behavior with the Network_Traffic datamodel. Here’s the configuration: allow_old_summari...
by antoniomarongiu Engager in Splunk Enterprise Security 10-13-2025
0 4
hettervik
We have an index with a ton of data. A new use for the data has emerged, so now we want a longer retention time on so...
by hettervik Builder in Splunk Enterprise Security 10-13-2025
0 7
salohiddin
Hello everyone, I have a question about trial licenses. Can the Splunk Enterprise Security (ES) license work together w...
by salohiddin Explorer in Splunk Enterprise Security 10-10-2025
0 1
Sky
Hi everyone, I’m seeing a discrepancy with the Risk Modular Alert Action in Splunk ES. When triggering the risk action...
by Sky New Member in Splunk Enterprise Security 10-10-2025
0 0
melekyav
We are using Asset Identity Framework for all environments we have. For asset side, we have CMDB database in the compan...
by melekyav New Member in Splunk Enterprise Security 10-08-2025
0 0