Splunk Enterprise Security

Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
k115

Web application firewall use case: How to find top targeted domain on my domain?

Hi Team,I am working on web application firewall related use case, I wanna find out top targeted domain on my domain....
by k115 Engager in Splunk Enterprise Security 01-06-2023
0 1
0
1
vpsmax1

How to add new field to existing CIM data model?

Hello. Using the eval function, trying to add a new field to the Change data model.  When I try to add the new field ...
by vpsmax1 Loves-to-Learn in Splunk Enterprise Security 01-06-2023
0 3
0
3
hperez

Where can I view created notable alert suppression entries in ES?

Hello, Where can I view notable alert suppression entries in ES? I'm looking for a way to not only audit these entrie...
by hperez Explorer in Splunk Enterprise Security 01-06-2023
0 4
0
4
balu1211

How to reduce notable events that correlation search has generating?

Hi, I have created an advance threat protection incidents  Correlation Search which is   generating notable events ho...
by balu1211 Path Finder in Splunk Enterprise Security 01-06-2023
0 1
0
1
sekhar463

Is there customization required for Salesforce integration with Splunk for below case?

Hello experts, I am trying to integration salesforce cloud modules into splunk for security monitoring. Does anyne ha...
by sekhar463 Path Finder in Splunk Enterprise Security 01-06-2023
0 0
0
0
rajwdc

Salesforce splunk integration- Why don't we see any logs?

We are configuring salesforce splunk integration in our salesforce sandbox. We followed the documentation provided by...
by rajwdc New Member in Splunk Enterprise Security 01-06-2023
0 1
0
1
sajohnson6

How do I stop Multiple Analysts from grabbing the same event?

We have several analysts in multiple locations that are working from the same Incident Review channel.  After someone...
by sajohnson6 Explorer in Splunk Enterprise Security 01-04-2023
0 0
0
0
Doreluss

Is there a way to search for updated DAT and AMCORE files in Splunk ?

Is there a way to search for updated DAT and AMCORE files in Splunk ?
by Doreluss Loves-to-Learn Lots in Splunk Enterprise Security 01-04-2023
0 0
0
0
hettervik

Why do we get errors on the REST command in the Investigation Overview dashboard on Splunk ES?

Hi, After upgrading to Splunk ES version 6.0.0 we got the Investigation Overview dashboard, but we have some problem...
by hettervik Builder in Splunk Enterprise Security 01-04-2023
0 3
0
3
Doreluss

Is there a way to get alerts when routers or switches go down on your network or any endpoint?

Is there a way to get alerts when routers or switches go down on your network or any endpoint?    V/R SD
by Doreluss Loves-to-Learn Lots in Splunk Enterprise Security 01-03-2023
0 1
0
1
Doreluss

SPLUNK ADD-On For Network Infrastructure is now end of life- Is there any other way to monitor network devices?

Good evening everyone.... Being that the Splunk ADD-ON for Infrastructure is now end of life is there any other way t...
by Doreluss Loves-to-Learn Lots in Splunk Enterprise Security 01-03-2023
0 0
0
0
nagar57

Change python version from 2.7 to 3.7 at script level

I am using Splunk 8.0.8. I have python versions 2.7 and 3.7 installed in $Splunk_Home/bin folder but all my python sc...
by nagar57 Communicator in Splunk Enterprise Security 12-28-2022
0 0
0
0
plimon

Sequence Template/Events Bug (not working) with Splunk ES version 5.2.2?

Hello Splunk Community, My organization has recently upgraded to Splunk ES 5.2.2. I have been trying to create a cus...
by plimon Explorer in Splunk Enterprise Security 12-27-2022
0 2
0
2
gcusello

lookup in suppression search

Hi at all,In Enterprise Security, I'm trying to customize a Suppression Rule inserting a lookup containing the ip add...
by SplunkTrust SplunkTrust in Splunk Enterprise Security 12-23-2022
0 2
0
2
Zaires

The following required arguments are missing: last_updated.

Hello,I am trying to add a data input to an app I created using Splunk Add-on Builder. I enabled checkpointing and sp...
by Zaires Observer in Splunk Enterprise Security 12-23-2022
0 0
0
0
davidem

Splunk Security Essentials - Mitre Map does not report each correlation search?

Hi Splunkers, I have a problem with the "Splunk Security Essentials" application. Currently, I have 34 activated corr...
by davidem Explorer in Splunk Enterprise Security 12-22-2022
0 1
0
1
umesh

Why is there an increase in security notables event count?

Hi Team,   I have created a notable in the Splunk ES and i received a notable and i analyzed the notable and i can se...
by umesh Path Finder in Splunk Enterprise Security 12-21-2022
0 2
0
2
OnderSentira

How to create Alert when event is ended

Hi,As soon as an event ends I want to create an alert and want to sent email with Shipment ID which is ended.Example ...
by OnderSentira Path Finder in Splunk Enterprise Security 12-20-2022
0 2
0
2
k115

How to gather total amount of traffic from the Radware DDOS app?

Hi guys,I have configured radware DDOS app into splunk,I want gather the total amount of traffic from the DDOS app in...
by k115 Engager in Splunk Enterprise Security 12-14-2022
0 0
0
0
soumyasaha25

What is the capability needed to view Adaptive responses section in incident review page on ES?

can someone point me to the capabilty that needs to be provided for ES users to be able to view Adaptive responses se...
by soumyasaha25 Contributor in Splunk Enterprise Security 12-14-2022
0 0
0
0
gcusello

Custom App integrated in ES

Hi at all,I would to use a custom App to contain all the custom Correlation Searches I'm creating on ES.I need that t...
by SplunkTrust SplunkTrust in Splunk Enterprise Security 12-12-2022
0 3
0
3
k115

How to lookup the external ip type, with threat intelligence lookup by splunk search query?

Hi,I have to create use case related to blocked ip's by external to internal network. I can create search query for t...
by k115 Engager in Splunk Enterprise Security 12-12-2022
0 1
0
1
Ruts

Unable to have Splunk index logs centrally stored on NAS

New to Splunk. Attempting to have Splunk monitor and index logs from NAS. Logs are being centrally stored on a NAS fr...
by Ruts Loves-to-Learn Lots in Splunk Enterprise Security 12-11-2022
0 0
0
0
diksha1

How to parse XML log?

Hi All, We are getting XML logs in our Splunk but from investigation perspective it's very hard for us to read the da...
by diksha1 New Member in Splunk Enterprise Security 12-09-2022
0 1
0
1
Azeemering

Where can I find information on how to troubleshoot Splunk ES Threatmatch errors?

Hello, Where do I find information on how to troubleshoot the below error:2022-12-05 15:21:53,383+0000 INFO pid=29967...
by Azeemering Builder in Splunk Enterprise Security 12-05-2022
0 1
0
1
Get Updates on the Splunk Community!

From GPU to Application: Monitoring Cisco AI Infrastructure with Splunk Observability ...

AI workloads are different. They demand specialized infrastructure—powerful GPUs, enterprise-grade networking, ...

Application management with Targeted Application Install for Victoria Experience

  Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...

Index This | What goes up and never comes down?

January 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...
Top Solution Authors
View All