Splunk Enterprise Security

Community Activity
waja1n0z1
Hi All, I am investigating the possibility of consolidating our separate standalone ES Searchheads into a single clust...
by waja1n0z1 Loves-to-Learn in Splunk Enterprise Security 05-04-2022
mjones414
Greetings. I've been trying to build a correlation search that sets a default disposition value when it runs but so fa...
by mjones414 Contributor in Splunk Enterprise Security 05-03-2022
sitthiporns
Has anyone found this error event?  
by sitthiporns Explorer in Splunk Enterprise Security 05-03-2022
cyber_Maddy
Query to find out activity towards a particular URL, e.g. URL - https://www.microsoft.com/en-us/security
by cyber_Maddy Engager in Splunk Enterprise Security 05-02-2022
nareshinsvu
Hi Helpers - Below is my usecase where I am stuck with my ES upgrade. My Splunk version recently upgraded from 7.2.7 ...
by nareshinsvu Builder in Splunk Enterprise Security 05-01-2022
SIEMStudent
Hi Splunkers, today I'm facing a problem related to temporal sequence between a multisearch and a search, but let me i...
by SIEMStudent Path Finder in Splunk Enterprise Security 04-26-2022
Aziz94
Hi Everyone, I am struggling a lot to create a Dashboard that will show SLA for alerts received on Incident review Da...
by Aziz94 New Member in Splunk Enterprise Security 04-21-2022
LionWolf
Hello Community, I'm currently having trouble with a dashboard panel I'm making. The dashboard panel is supposed to d...
by LionWolf Explorer in Splunk Enterprise Security 04-21-2022
LionWolf
Hello Community, I'm working on a search for a dashboard panel and I need some help. I'm looking to get the owner, sea...
by LionWolf Explorer in Splunk Enterprise Security 04-20-2022
RuckmaniElango
I have tried reassigning the orphaned search to the new owner, but wasn't able to fix it. I am getting the error me...
by RuckmaniElango New Member in Splunk Enterprise Security 04-20-2022
hieuba6868
I have 2 sourcetype WinHostMon and wineventlog with Splunk add-on for Microsoft windows. After doing Asset and Identi...
by hieuba6868 Explorer in Splunk Enterprise Security 04-19-2022
oylkm
I have a few Threat Intelligence data that have Use-Cases applied to them but I'm trying to filter out blocked events...
by oylkm Explorer in Splunk Enterprise Security 04-18-2022
timsheets13
I'm new to ES. I have taken the ES Admin course so I probably shouldn't have to ask for help but I'm pulling my hair...
by timsheets13 Loves-to-Learn in Splunk Enterprise Security 04-18-2022
mjon395
Hello, I've been trying a few different ways, with no luck, to represent some server counts that I see happening on T...
by mjon395 Explorer in Splunk Enterprise Security 04-15-2022
jogonz20
Hello splunkers, While checking some use cases I found out one that I am interested in "Detect Spike in Network ACL ac...
by jogonz20 Explorer in Splunk Enterprise Security 04-15-2022
b_chris21
Hello, I have a Splunk ES instance on AWS. All logs are forwarded there from a Splunk HF (full forwarding - no indexi...
by b_chris21 Communicator in Splunk Enterprise Security 04-15-2022
alexspunkshell
I have Power-user access only. I have a Splunk query and I enabled an alert as a Notable Event. And I also received t...
by alexspunkshell Contributor in Splunk Enterprise Security 04-14-2022
starcher
Ever tried to assign a SplunkES Notable via Splunk SOAR to have it fail? So you also use centralized authentication s...
by starcher Influencer in Splunk Enterprise Security 04-13-2022
Nawab
Hi, I am trying to work with Splunk's ESS. Currently I am stuck. Is there any way we can alert user once he/she is add...
by Nawab Communicator in Splunk Enterprise Security 04-13-2022
srisahitya_v
Hello All, I'm using Service now add-on for Splunk and installed on Heavy forwarder. Through setup page in add-on I h...
by srisahitya_v Communicator in Splunk Enterprise Security 04-12-2022
tokio13
Hello, What could be the explanation for a Correlation Search that is set to run live, on the Next Scheduled Time tab...
by tokio13 Path Finder in Splunk Enterprise Security 04-11-2022
starcher
Handy search for a dashboard: earliest=-90d@d `notable` | eval isSuppressed=if(match(eventtype,"Suppression"),1,0) | s...
by starcher Influencer in Splunk Enterprise Security 04-11-2022
starcher
Here is a handy way to skim all the job results from - Rule and - Gen searches with ES to look for issues. | rest splu...
by starcher Influencer in Splunk Enterprise Security 04-08-2022
zacksoft_wf
I have some doubts about Updating Splunk Apps. 1. The Splunk Apps that come pre-built/packed with Enterprise Security...
by zacksoft_wf Contributor in Splunk Enterprise Security 04-07-2022
saibal_das
I have multiple UF (Universal Forwarder) in my environment and all of those are sending logs to one IF (Intermediate ...
by saibal_das Explorer in Splunk Enterprise Security 04-06-2022