Splunk Enterprise Security

Community Activity
david_monaghan
Hi Splunkers, Is there a breakdown of logs required for Splunk ES Content updates? I have created my own list already...
by david_monaghan Engager in Splunk Enterprise Security 10-05-2025
0 2
konka4
Anyone run into this issue before? Getting this on one of my ES search heads. It's crashing like every 2 hours, has 32...
by konka4 Splunk Employee in Splunk Enterprise Security 10-01-2025
0 2
akai
Hello all, Is there any difference between setting a throttle window of 1d, 24h, 1440m or 86400s? I was told that it's ...
by akai Explorer in Splunk Enterprise Security 09-29-2025
0 2
tsa
We are observing delayed ingestion of logs from neuvector application, via syslog method 
by tsa New Member in Splunk Enterprise Security 09-28-2025
0 2
EMDEEEEE
Can someone provide queries for the below Password reset events for a userinteractive and non interactive login attem...
by EMDEEEEE New Member in Splunk Enterprise Security 09-28-2025
0 4
splunkreal
Hello guys, since 08/20/2025 we have issues in ES downloading these feeds from Splunk servers. When we try with curl ...
by splunkreal Motivator in Splunk Enterprise Security 09-22-2025
0 2
aminab2421
Hello, I have Splunk Enterprise 10.0.0 and installed Splunk Enterprise Security 8.1.1. When configuring CIM on Splunk ES, sho...
by aminab2421 Observer in Splunk Enterprise Security 09-21-2025
0 2
Francois_Luno
I'm ingesting Fortigate logs using the Splunk_TA_fortinet_fortigate add-on, and I've noticed that these logs are not ...
by Francois_Luno Loves-to-Learn in Splunk Enterprise Security 09-17-2025
0 3
waddellt
Getting error: Upload failed: Package is too large, must be less than 512 MB
by waddellt Engager in Splunk Enterprise Security 09-16-2025
0 1
muhammadfahimma
After a recent upgrade to Splunk ES 8.0.2, we have observed that none of the drill downs for detection based searches...
by muhammadfahimma Explorer in Splunk Enterprise Security 09-15-2025
0 7
Inayath_khan
Unable to initialize modular input "whois" defined in the app "SA-NetworkProtection": Introspecting scheme=whois: scr...
by Inayath_khan Path Finder in Splunk Enterprise Security 09-14-2025
0 1
azer271
The Analytics Story Onboarding Assistant keeps on displaying "0% uploaded" every time I press enable the rules (using ...
by azer271 Path Finder in Splunk Enterprise Security 09-09-2025
0 2
ehsansplunk
I am a Splunk Partner with license admin access. I’ve already downloaded the NFR license for Splunk Enterprise, but I ...
by ehsansplunk New Member in Splunk Enterprise Security 08-31-2025
0 5
D77
In Splunk v7 we used to search index=_internal to find events that contained GET AND "/results/export?output" This pr...
by D77 Loves-to-Learn Lots in Splunk Enterprise Security 08-30-2025
0 6
MsF-2000
Hi All I am trying to add new lines in mail body of the already scheduled export as PNG, when clicked on the dashboar...
by MsF-2000 Path Finder in Splunk Enterprise Security 08-30-2025
0 0
fraserphillips
Sorry if this is a simple question, or one that may have been solved before.  I haven't located anything to help yet....
by fraserphillips Engager in Splunk Enterprise Security 08-25-2025
0 5
Joei
After pulling cases from ES to Phantom a certain label is assigned to the event , later it is automatically promoted ...
by Joei Engager in Splunk Enterprise Security 08-24-2025
0 1
akai
Hello, I have created a custom role and assigned the same permissions as ess_user, including adding it to the enforce_e...
by akai Explorer in Splunk Enterprise Security 08-22-2025
0 5
alatif113
Is there a way to automatically escalate a finding (or set of findings) to an investigation in Splunk Enterprise Secu...
by alatif113 New Member in Splunk Enterprise Security 08-20-2025
0 1
bishtk
Dear all, facing an issue wherein a few notables' urgency is getting changed after being auto-closed. I refer to Splunk docs ...
by bishtk Communicator in Splunk Enterprise Security 08-14-2025
0 2
richardphung
Greetings-- I installed SA-Investigator on our ESSearchHead, but I do not understand how to launch the App. It appea...
by richardphung Communicator in Splunk Enterprise Security 08-08-2025
1 3
pdgill314
So, I have been struggling with this for a few days. I have thrown it against generative AI and not getting exactly w...
by pdgill314 Path Finder in Splunk Enterprise Security 08-05-2025
0 2
Dolly
Why do we find postgres in /apps/splunk/splunkforwarder/quarantined_files/bin/postgres even if we have upgraded to 9....
by Dolly Engager in Splunk Enterprise Security 08-04-2025
0 4
DeanDeleon0
We're trying to customize the Mean Time to Triage and Mean Time to Resolution queries in the ES Executive Summary das...
by DeanDeleon0 Path Finder in Splunk Enterprise Security 08-01-2025
0 0
Giancarlo_Pasq
Hi, I need to create an investigation with SOAR. When I create the investigation, it doesn't link the Finding to the In...
by Giancarlo_Pasq New Member in Splunk Enterprise Security 08-01-2025
0 0