Splunk Enterprise Security

Community Activity
leszek109
Is it possible to change format time for the column "Receipt Time" in "Incident Review"? Currently I see this time in...
by leszek109 Engager in Splunk Enterprise Security 09-26-2022
0 1
Ash
Hi, index=network sourcetype=cisco:asa NOT src_ip IN("10.0.0.0/8","10.0.0.1,"10.0.0.2") | bucket _time span=1m| stats...
by Ash Engager in Splunk Enterprise Security 09-23-2022
0 3
yourfriend
Hello Team, In our environment, we have created use cases in the content management in Splunk ES. We want to know the...
by yourfriend Loves-to-Learn in Splunk Enterprise Security 09-22-2022
0 1
NightShark
Hello Splunkers, I have a search created below to only detect local ip intel specified manually by the user: | tstats...
by NightShark Path Finder in Splunk Enterprise Security 09-22-2022
0 8
Gaikwad
In the Splunk Fortinet FortiGate app - wireless and System dashboards are not working. Both dashboards are not showing ...
by Gaikwad Explorer in Splunk Enterprise Security 09-20-2022
0 0
tromero3
I have a correlation search for detecting when host stops sending logs. I enabled the search and set the title as bel...
by tromero3 Path Finder in Splunk Enterprise Security 09-20-2022
0 4
omri_p
I have installed the Splunk Add-on for Windows app to monitor DNS logs using the Debugging enabled option on my serve...
by omri_p Engager in Splunk Enterprise Security 09-20-2022
3 3
spctravis
I have an app with my alerts. I have risk enabled and it's working however risk isn't showing up in the Edit Correlat...
by spctravis Explorer in Splunk Enterprise Security 09-20-2022
0 2
sheamus69
Has anyone had experience of ingesting logs from VMWare Unified Access Gateway (UAG)? Splunkbase doesn't seem to have...
by sheamus69 Communicator in Splunk Enterprise Security 09-19-2022
0 11
Prashanta
Which apps are used in Splunk SOC in a bank? For threat intel, incident response, and so on.
by Prashanta New Member in Splunk Enterprise Security 09-18-2022
0 1
AntoineDRN
Hello Splunkers, I was wondering if there is a way to get the creation date of a correlation search. If so, what i...
by AntoineDRN Path Finder in Splunk Enterprise Security 09-16-2022
0 4
hwang2021
Hello, I am new to Splunk ES. To configure the ES Incident Review, I use the default setting for the Time which shoul...
by hwang2021 Loves-to-Learn Lots in Splunk Enterprise Security 09-16-2022
0 2
amartin6
We are planning to upgrade ES from 6.6.2 to 7.0.1, one of the new features will have a pop up window indicating that ...
by amartin6 Path Finder in Splunk Enterprise Security 09-15-2022
0 0
drih
Hi, We use the threat intelligence app within Enterprise security and use the local IP intel csv (local_ip_intel.csv)...
by drih Engager in Splunk Enterprise Security 09-15-2022
1 0
yourfriend
Hello Splunk team, I have two doubts please help me with details, 1. We are using Splunk cloud platform for Enterpris...
by yourfriend Loves-to-Learn in Splunk Enterprise Security 09-13-2022
0 4
tonymorin
I want to zebra stripe (gray, white, gray, white)/alternate the row colors in the triggered notable table in the Incid...
by tonymorin Explorer in Splunk Enterprise Security 09-13-2022
0 3
cdp_fap
I want to enable client authentication. So I modify $SPLUNK_HOME/etc/apps/splunk_httpinput/local/inputs.conf [http]di...
by cdp_fap Observer in Splunk Enterprise Security 09-13-2022
0 0
AntoineDRN
Hello Splunkers, We had some trouble with notable events. Long story short, by wanting to edit one notable, something...
by AntoineDRN Path Finder in Splunk Enterprise Security 09-13-2022
0 0
aakwah
Hi, I'd like to change Notable Event row color or the color of any field in incident review dashboard to easily ident...
by aakwah Builder in Splunk Enterprise Security 09-13-2022
0 0
sivareddy
While opening into search head server get error as: View more information about your request (request ID = 631c96cc4...
by sivareddy Loves-to-Learn Lots in Splunk Enterprise Security 09-10-2022
0 0
Gabriel_CCI
Hi community! I have a dashboard that shows the alerts on table and in the graph, the question is how I can link eac...
by Gabriel_CCI Explorer in Splunk Enterprise Security 09-06-2022
0 1
cjacklum
We are in SplunkCloud with ES 7.0.0 As a user with the sc_admin or ess_admin role when selecting an incident to edit,...
by cjacklum Engager in Splunk Enterprise Security 09-06-2022
0 1
MinaMina
Hello, I need to put sql server logs into Splunk for Enterprise Security. Is there any add-on available? I found an ...
by MinaMina New Member in Splunk Enterprise Security 09-06-2022
0 9
rockzers
I installed universal forwarder 4 machine this event log is getting my pci want to compare my event log and universal...
by rockzers Path Finder in Splunk Enterprise Security 09-01-2022
0 1
danielbb
Is there a comparison between ES and Chronicle Security of Google? A top official here wonders about it.
by danielbb Motivator in Splunk Enterprise Security 08-31-2022
0 1