Splunk Enterprise Security

Community Activity
NDabhi21
would like to reduce the log data size in index by cutting fields which are not useful for the use case. Before cut fiel...
by NDabhi21 Explorer in Splunk Enterprise Security 08-08-2022
XavG
Hi, I'm wondering if there isn't an issue with the correlation search that comes with Splunk ES "Threat activity dete...
by XavG Engager in Splunk Enterprise Security 08-05-2022
hariskhan
Dear Splunkers, Does Splunk ES (when purchased) come with any built-in ticket management system, or does one have to buy a ...
by hariskhan Explorer in Splunk Enterprise Security 08-05-2022
vikram1583
Rule Name : Abnormally High Number of Endpoint Changes By User Description: Detects an abnormally high number of end...
by vikram1583 Explorer in Splunk Enterprise Security 08-04-2022
NDabhi21
Hi All, Please suggest the query or solution to achieve the below requirement. 1. List of searches or queries run by user (...
by NDabhi21 Explorer in Splunk Enterprise Security 08-03-2022
DaMushroomCloud
Hello Splunk Community, History of problem: I recently was trying to update OSSEC agents and some needed to be reinstal...
by DaMushroomCloud Engager in Splunk Enterprise Security 08-02-2022
zacksoft_wf
In Splunkbase it says the "Splunk Add-on for Symantec Endpoint Protection" TA's latest version 3.4.0 is compatible...
by zacksoft_wf Contributor in Splunk Enterprise Security 08-02-2022
beano501
Not sure if I am missing something, but the Correlation Searches provided by ESCU are not consistent in their results. S...
by beano501 Explorer in Splunk Enterprise Security 08-01-2022
neerajs_81
Hello, In ES when we run the following macro for a Last 30 mins or Last 24 H time range, Splunk ends up displaying re...
by neerajs_81 Builder in Splunk Enterprise Security 07-29-2022
yourfriend
Hi All, Our client has sold off some part of it to another company. Here I am using "CL" as our client and "ZX" as the new co...
by yourfriend Loves-to-Learn in Splunk Enterprise Security 07-28-2022
dm1
I just upgraded Splunk ES from 6.2.0 to 7.0.1 on Splunk Core version 8.1.5. However, some of the dashboards like Clou...
by dm1 Contributor in Splunk Enterprise Security 07-25-2022
aranjan
Need help in building a REST API in Splunk ES for Oracle IDCS
by aranjan New Member in Splunk Enterprise Security 07-22-2022
jkay2016
Hi, I noticed quite a number of jobs running in the background attributed to the macro "modular_action_invocations". Fro...
by jkay2016 Engager in Splunk Enterprise Security 07-22-2022
yourfriend
Hello Team, We are using Enterprise Security in our environment and we have created correlat...
by yourfriend Loves-to-Learn in Splunk Enterprise Security 07-21-2022
swagner1965
Hi, We use a few stand-alone systems for scanning media and other tasks in our group. We are required to retrieve a...
by swagner1965 Path Finder in Splunk Enterprise Security 07-21-2022
warsaw
I have a correlation search where the 'dest' field is present, and in the drilldown search I have mentioned | search des...
by warsaw Loves-to-Learn Lots in Splunk Enterprise Security 07-20-2022
Azeemering
An example: We have defined two malicious URLs in the local_http_intel. This triggers false positives in the Threat Ac...
by Azeemering Builder in Splunk Enterprise Security 07-19-2022
mdicenzo
I am trying to include dynamic names for a notable event that I have triggering. When I try to use $variable$ it just...
by mdicenzo Explorer in Splunk Enterprise Security 07-11-2022
yourfriend
Hi Team, We are reviewing the use cases in our Splunk Enterprise Security. We have given Throttlin...
by yourfriend Loves-to-Learn in Splunk Enterprise Security 07-08-2022
SIEMStudent
Hi Splunkers, I have an issue with the use of Data Model, the eval command and sourcetype as a filter. Let me explain better...
by SIEMStudent Path Finder in Splunk Enterprise Security 07-05-2022
schandrasekar
We have upgraded Splunk Enterprise recently to 8.0.2.1 and all the apps in our environment to the latest version. One...
by schandrasekar Loves-to-Learn in Splunk Enterprise Security 07-01-2022
dtccsundar
Hi, I have 4 fields and those need to be in a tabular format. Out of which one field has the ratings which need to b...
by dtccsundar Path Finder in Splunk Enterprise Security 07-01-2022
Valen1
What parameter can I modify in limits.conf to solve that? The percentage of non-high-priority searches delayed (80%) ...
by Valen1 Engager in Splunk Enterprise Security 07-01-2022
kkrises
Hello Splunkers, I configured a new Notable suppression in ES for a repeated notable based on source IP. I could see ...
by kkrises Path Finder in Splunk Enterprise Security 07-01-2022