Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Log ingestion delay

We are observing delayed ingestion of logs from neuvector application, via syslog method

by New Member in

Password reset events

Can someone provide queries for the below Password reset events for a user interactive and non interactive login...

by New Member in

Splunk ES threat feeds empty

Hello guys, since 08/20/2025 we have issues in ES downloading these feeds from Splunk servers. When we try with curl ...

by Motivator in

splunk es content management datamodel is Red

Helloi have splunk enterprise 10.0.0 and install splunk enterprise security 8.1.1 when config cim on splunk es , sho...

by Observer in

Splunk_TA_fortinet_fortigate - domain model Web

I'm ingesting Fortigate logs using the Splunk_TA_fortinet_fortigate add-on, and I've noticed that these logs are not ...

by Loves-to-Learn in

installing Splunk ES 8.02

Getting error: Upload failed: Package is too large, must be less than 512 MB

by Engager in

Splunk ES 8.0.2 missing drill down

After a recent upgrade to Splunk ES 8.0.2, we have observed that none of the drill downs for detection based searches...

by Explorer in

Getting an error after degrading Splunk enterprise security.

Unable to initialize modular input "whois" defined in the app "SA-NetworkProtection": Introspecting scheme=whois: scr...

by Path Finder in

Stuck at Analytics Story Onboarding Assistant in Splunk ES Content Update (Splunk Cloud)

The Analytics Story Onboarding Assistant keeps on displaying "0% uploaded" everytime I press enable the rules (using ...

by Path Finder in

Splunk Enterpise Security download Issue

I am a Splunk Partner with license admin access.I’ve already downloaded the NFR license for Splunk Enterprise, but I ...

by New Member in

Changes (regression?) to export activity audit logging between Splunk versions.

In Splunk v7 we used to search index=_internal to find events that contained GET AND "/results/export?output" This...

by Loves-to-Learn Lots in

Dashboard PNG schedule export setting is not viewable

Hi All I am trying to add new lines in mail body of the already scheduled export as PNG, when clicked on the da...

by Explorer in

Entering a Note into a Splunk Finding

Sorry if this is a simple question, or one that may have been solved before. I haven't located anything to help yet....

by Engager in

Duplicate cases in SOAR

After pulling cases from ES to Phantom a certain label is assigned to the event , later it is automatically promoted ...

by Engager in

Custom Role on ES

Hello, I have create a custom role and assigned the same permissions as ess_user, including adding it to the enforc...

by Explorer in

Automate Investigation Creation in Mission Control

Is there a way to automatically escalate a finding (or set of findings) to an investigation in Splunk Enterprise Secu...

by New Member in

Facing issue where notables are changing urgency post getting autoclosed

Dear all, Facing an issue wherein few notables urgency getting changed post getting autoclose. i refer to splunk do...

by Communicator in

How to integrate SA-Investigator with ES

Greetings-- I installed SA-Investigator on our ESSearchHead, but I do not understand how to launch the App. It app...

by Communicator in

SPL to output Time To Resolution for Incidents by Urgency

So, I have been struggling with this for a few days. I have thrown it against generative AI and not getting exactly w...

by Path Finder in

Postgres vulnerability CVE-2025-1094

Why do we find postgres in /apps/splunk/splunkforwarder/quarantined_files/bin/postgres even if we have upgraded to 9....

by Engager in

Incident_updates_lookup not updating urgency and rule_name field

We're trying to customize the Meantime to Triage and Meantime to Resolution queries in the ES Executivity Summary das...

by Path Finder in

Create Investigation SOAR

Hi, I need to create an investigation with SOAR. When I create the investigation, it doesn't link the Finding to ...

by New Member in

Palo Alto and Checkpoint Event based detections

Hello, I see there are lots of Cisco event based detections and not many palo alto or checkpoint (fw, ids/ips, ...

by Path Finder in

"All time" time range in notable drilldown search

Hello fellow ES 8.X enjoyer. We have a few Splunk Cloud customer that got upgrade to ES 8.1. We have noticed that a...

by Explorer in

Exam: Splunk Enterprise Security Admin (SPLK-3001)

Hello Splunker, I hope you all are doing well. I prepare to take the SPLK-3001 Exam, and I want to know the ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Log ingestion delay

Password reset events

Splunk ES threat feeds empty

splunk es content management datamodel is Red

Splunk_TA_fortinet_fortigate - domain model Web

installing Splunk ES 8.02

Splunk ES 8.0.2 missing drill down

Getting an error after degrading Splunk enterprise security.

Stuck at Analytics Story Onboarding Assistant in Splunk ES Content Update (Splunk Cloud)

Splunk Enterpise Security download Issue

Changes (regression?) to export activity audit logging between Splunk versions.

Dashboard PNG schedule export setting is not viewable

Entering a Note into a Splunk Finding

Duplicate cases in SOAR

Custom Role on ES

Automate Investigation Creation in Mission Control

Facing issue where notables are changing urgency post getting autoclosed

How to integrate SA-Investigator with ES

SPL to output Time To Resolution for Incidents by Urgency

Postgres vulnerability CVE-2025-1094

Incident_updates_lookup not updating urgency and rule_name field

Create Investigation SOAR

Palo Alto and Checkpoint Event based detections

"All time" time range in notable drilldown search

Exam: Splunk Enterprise Security Admin (SPLK-3001)

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How to handle Defender Incidents/Alerts with ES No...

Splunk Enterprise Security API support for update ...

Clarification on UBA Capability in Splunk Enterpri...

KV Store communication fails with TLS errors after...

Findings Comments

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions