Splunk Enterprise Security

Community Activity
akai
Hello, I have created a custom role and assigned the same permissions as ess_user, including adding it to the enforce_e...
by akai Explorer in Splunk Enterprise Security 08-22-2025
0 5
alatif113
Is there a way to automatically escalate a finding (or set of findings) to an investigation in Splunk Enterprise Secu...
by alatif113 New Member in Splunk Enterprise Security 08-20-2025
0 1
bishtk
Dear all, facing an issue wherein a few notables' urgency is getting changed after getting auto-closed. I refer to Splunk docs ...
by bishtk Communicator in Splunk Enterprise Security 08-14-2025
0 2
richardphung
Greetings-- I installed SA-Investigator on our ESSearchHead, but I do not understand how to launch the App. It appea...
by richardphung Communicator in Splunk Enterprise Security 08-08-2025
1 3
pdgill314
So, I have been struggling with this for a few days. I have thrown it against generative AI and not getting exactly w...
by pdgill314 Path Finder in Splunk Enterprise Security 08-05-2025
0 2
Dolly
Why do we find postgres in /apps/splunk/splunkforwarder/quarantined_files/bin/postgres even if we have upgraded to 9....
by Dolly Engager in Splunk Enterprise Security 08-04-2025
0 4
DeanDeleon0
We're trying to customize the Mean Time to Triage and Mean Time to Resolution queries in the ES Executive Summary das...
by DeanDeleon0 Path Finder in Splunk Enterprise Security 08-01-2025
0 0
Giancarlo_Pasq
Hi, I need to create an investigation with SOAR. When I create the investigation, it doesn't link the Finding to the In...
by Giancarlo_Pasq New Member in Splunk Enterprise Security 08-01-2025
0 0
hl
Hello, I see there are lots of Cisco event-based detections and not many Palo Alto or Check Point (fw, ids/ips, thr...
by hl Path Finder in Splunk Enterprise Security 07-29-2025
0 2
ejahnke
Hello fellow ES 8.X enjoyer. We have a few Splunk Cloud customers that got upgraded to ES 8.1. We have noticed that all ...
by ejahnke Explorer in Splunk Enterprise Security 07-29-2025
1 3
AliMaher
Hello Splunker, I hope you all are doing well. I am preparing to take the SPLK-3001 Exam, and I want to know the Self-Stud...
by AliMaher Path Finder in Splunk Enterprise Security 07-25-2025
0 2
Amire22
I would appreciate help from anyone who has encountered a similar problem: We are using Microsoft's E5 licensing with...
by Amire22 Explorer in Splunk Enterprise Security 07-20-2025
0 3
clacroixdurant
We noticed this morning that all the certificates for our Splunk servers have been expired for a week (discovered whilst ...
by clacroixdurant Explorer in Splunk Enterprise Security 07-16-2025
0 2
Mirza_Jaffar1
What does this indicate? 06-19-2025 11:09:33.046 +0000 ERROR AesGcm [65605 MainThread] - Text decryption - error in finali...
by Mirza_Jaffar1 Loves-to-Learn in Splunk Enterprise Security 07-14-2025
0 7
BJ17
Unable to update and save detections after upgrading to Splunk ES version 8.1.0. It says Detection ID is missing.  
by BJ17 Explorer in Splunk Enterprise Security 07-13-2025
0 4
lukasmecir
Hello, I have a problem with the Analyst queue: I am not able to add a column to the Analyst Queue in the GUI. When I do this (using th...
by lukasmecir Path Finder in Splunk Enterprise Security 07-13-2025
0 2
AliMaher
Hi, I tried to use the Next Step of the correlation search: Ping - NSLOOKUP - Risk Analysis. I was lucky to find the res...
by AliMaher Path Finder in Splunk Enterprise Security 07-09-2025
0 0
DufferDave
We recently updated from Enterprise Security 7.3.2 to 8.0.4. Correlation searches are not updating the risk index....
by DufferDave Engager in Splunk Enterprise Security 06-30-2025
0 1
ramiiitnzv
I have a Developer License but I'm unable to download ES. Can anyone help me with this?
by ramiiitnzv New Member in Splunk Enterprise Security 06-27-2025
0 3
Daavid
Hi there, In Mission Control in our properly working Splunk environment, we see the following: This is exactly how we w...
by Daavid Loves-to-Learn Lots in Splunk Enterprise Security 06-25-2025
0 0
Sweets000
Hello, We deployed a new Splunk cluster containing a Cluster Manager, 3x SHC members, 6x Indexers. The cluster has hund...
by Sweets000 Engager in Splunk Enterprise Security 06-24-2025
0 5
tarun2505
Hi Team, Could you help me integrate NextDNS (Community App) with Splunk? I have downloaded and configured the app b...
by tarun2505 Engager in Splunk Enterprise Security 06-16-2025
0 2
splunk_zen
As the default ES DMA schedule is every 5min, and the ACCELERATE_DM_Splunk_SA_CIM*ACCELERATE jobs TTL is 24h, our di...
by splunk_zen Builder in Splunk Enterprise Security 06-16-2025
0 5
Amire22
Hello, I have a search head configured with assets and identity from the current AD domain. I have 5 more AD domains without...
by Amire22 Explorer in Splunk Enterprise Security 06-12-2025
0 2
vy
Hi Team, I have a notable event (Excessive Failed Logins on Multiple Targets) that I'm expecting to see the "dest" fie...
by vy Explorer in Splunk Enterprise Security 06-11-2025
0 4