Splunk Enterprise Security

Discussions

Thread Info

How to use variable names in notable events?

I am trying to include dynamic names for a notable event that I have triggering. When I try to use $variable$ it just...

by Explorer in

Is there anyway to verify how many repeated alerts are being suppressed by Throttling.?

Hi Team, We are reviewing the use cases in our Splunk Enterprise security, We have given Thrott...

by Loves-to-Learn in

Eval command with check on sourcetype does not work with Data Model

Hi Splunkers, I have an issue with the use of Data Model, eval command and sourcetype as filter. Let me explain bet...

by Path Finder in

Getting errors messages Health Check: msg="A script exited abnormally with exit status:1" input="../configuration_chekc.py" after upgrading from Splunk Enterprise Security 5.1.1 to 6.1.0

We have upgraded Splunk Enterprise recently to 8.0.2.1 and all the apps in our environment to the latest version. One...

by Loves-to-Learn in

How to achieve the transpose or xyseries

Hi , I have 4 fields and those need to be in a tabular format .Out of which one field has the ratings which need t...

by Path Finder in

What parameter can I modify in limits.conf to solve delayed searches?

What parameter can i modify in limits.conf to solve that? The percentage of non high priority searches delayed (80...

by Engager in

Why is notable suppression not working?

Hello Splunkers, I configured a new Notable suppression in ES for a repeated notable based on source IP. I could s...

by Path Finder in

What is the use drop_dm_object_name() clause in a query with tstats.?

I am trying to find out what purpose drop_dm_object_name() serves.

by New Member in

Can you customize Additional Fields in Notable Events?

Is there a way to customize which additional fields to show for which Notable event /Co-relation search without affec...

by Engager in

How do I Add a cidr filter to the existing correlation rule?

Hi, I am a beginner.I have a correlation rule that :- searches for IP addresses that are port scans- search in the lo...

by Engager in

How to add link in ES Notable events "next steps" form?

Hi Guys, I would ask how to add a link on the next steps form. on the correlation search I read: "Add a...

by Motivator in

How can we track when Correlation searches were created

Hello We have multiple people working on the content in Splunk Enterprise Security, and I need to be able ...

by Loves-to-Learn in

Splunk ES: Best way to do a Yes/No or simple indicator for acceptance of an alert?

Hi all, My team needs to clear an alert with a totally different department before we consider it "published" for t...

by Engager in

One or more SHs in a SHC seem to go down frequently- Any suggestions?

I have a SHC consisting of 4 SHs (Splunk on-prem on AWS). One or the other SHs seem to go into down state. The only i...

by New Member in

How to migrate data in an indexer cluster to a new indexer cluster environment?

Hi peeps, I need some information about migrating data from an instance in a cluster environment to a new cluster ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to use variable names in notable events?

Is there anyway to verify how many repeated alerts are being suppressed by Throttling.?

Eval command with check on sourcetype does not work with Data Model

Getting errors messages Health Check: msg="A script exited abnormally with exit status:1" input="../configuration_chekc.py" after upgrading from Splunk Enterprise Security 5.1.1 to 6.1.0

How to achieve the transpose or xyseries

What parameter can I modify in limits.conf to solve delayed searches?

Why is notable suppression not working?

What is the use drop_dm_object_name() clause in a query with tstats.?

Can you customize Additional Fields in Notable Events?

How do I Add a cidr filter to the existing correlation rule?

How to add link in ES Notable events "next steps" form?

How can we track when Correlation searches were created

Splunk ES: Best way to do a Yes/No or simple indicator for acceptance of an alert?

One or more SHs in a SHC seem to go down frequently- Any suggestions?

How to migrate data in an indexer cluster to a new indexer cluster environment?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

How can I automatically and evenly assign notables...

Risk-Based Alerting FAQs

threat intelligence upload not working too

Splunk Enterprise Security - permissions issue

Splunk Enterprise Security Install Error In Deploy...