Splunk Enterprise Security

Community Activity
anil_256
I want to know the Splunk cost annually for dealing with 10 GB of data per day
by anil_256 New Member in Splunk Enterprise Security 11-02-2022

spl_asker
As mentioned in the title above, the collect command is not able to add an event to a source of an index. The collect com...
by spl_asker Engager in Splunk Enterprise Security 11-02-2022

learnyboi1
Hey everyone! Has anyone ever experienced jobs running over 100%, sometimes as high as 150%/160%, and not completing? ...
by learnyboi1 Observer in Splunk Enterprise Security 10-31-2022

Erilope
Hello, I wanted to ask if there was a way I can delete reports created by Enterprise Security? There are reports crea...
by Erilope Explorer in Splunk Enterprise Security 10-27-2022

LIP
I created the following correlation alerts in ES with Notable Index=fw (dest_ip=1.2.3.4 OR dest_ip=1.2.3.5) The alert...
by LIP Loves-to-Learn in Splunk Enterprise Security 10-23-2022

lugoon
As in previous posts, I am talking about using variables or tokens in the Contributing Events part of Enterprise Secur...
by lugoon Explorer in Splunk Enterprise Security 10-21-2022

umesh
Hi, I have two questions here. 1. In the drill down search I have given dest=$dest$ and it is not working, and when I c...
by umesh Path Finder in Splunk Enterprise Security 10-19-2022

Ash
Please let me know the correlation search query and time range conditions for two of these use cases. I have Windows p...
by Ash Engager in Splunk Enterprise Security 10-18-2022

Dworsnop
Hi all, I have a correlation search that passes alerts from another system into ES and I need to prevent the urgency ...
by Dworsnop Path Finder in Splunk Enterprise Security 10-17-2022

chromefinch
I'm using RBA and am having issues with duplicate notables for the same thing. For example, I'll get a notable for bo...
by chromefinch Loves-to-Learn Lots in Splunk Enterprise Security 10-17-2022

Lye
Hello, kindly assist me in this query/solution. I have a long list of IPs that logged in. Out of this list, I want to kn...
by Lye Path Finder in Splunk Enterprise Security 10-15-2022

torstein1
Hi, I have problems with the drilldown button in the "Risk Event Timeline" view for a Risk Notable. When expanding R...
by torstein1 Explorer in Splunk Enterprise Security 10-14-2022

Ash
Hello, I have created a search for failed logins for Windows, Linux and network devices from the authentication datamodel but ...
by Ash Engager in Splunk Enterprise Security 10-13-2022

HeinzWaescher
Hi, I'm starting with ES Threat Intelligence and am wondering how threat intel data is populated to the KV stores use...
by HeinzWaescher Motivator in Splunk Enterprise Security 10-13-2022

dokaas_2
Is there a way to query ES investigations for artifacts? For example, suppose that I have a current notable with a h...
by dokaas_2 Communicator in Splunk Enterprise Security 10-12-2022

Gaikwad
Unable to find sourcetype="ms365:defender:incident:alerts", can you please help
by Gaikwad Explorer in Splunk Enterprise Security 10-12-2022

Splunk_Master01
Hi Team, I am trying to compare IP addresses but I am unable to find any logic that can do so with the below query: i...
by Splunk_Master01 Explorer in Splunk Enterprise Security 10-12-2022

Splunk_Master01
Hi All, I want to display some additional fields and I have added them by following the below method: Configure -> In...
by Splunk_Master01 Explorer in Splunk Enterprise Security 10-11-2022

syazwani
Hi peeps, I want to join the below information result in one table: 1st query index=sslvpn | iplocation src_ip | search Count...
by syazwani Path Finder in Splunk Enterprise Security 10-11-2022

verbal_666
In much of the official Splunk documentation we sometimes read that, to "wipe" an instance, you launch the command splunk clean ...
by verbal_666 Builder in Splunk Enterprise Security 10-11-2022

Toto1
When I click on some correlation rules in content management in Splunk ES, I get the following error and it does not ...
by Toto1 Engager in Splunk Enterprise Security 10-10-2022

R00ster
Hello, do field values have to be consistent for ES or doesn't it matter? So in the wineventlog, if src is sometimes t...
by R00ster Engager in Splunk Enterprise Security 10-10-2022

waynemurraysgs
We have several devices that perform endpoint and network device scanning. As intended, they are scanning prohibited...
by waynemurraysgs Engager in Splunk Enterprise Security 10-09-2022

Win
Hi, I am a student and new to Splunk. I really need help creating a table like this: The goal is to detect different ...
by Win Explorer in Splunk Enterprise Security 10-06-2022

att35
Hi all, we have a few custom CSV lookups that have been added to ES for Threat Intel. For the existing data, we can look...
by att35 Builder in Splunk Enterprise Security 10-06-2022