Splunk Enterprise Security

Community Activity
human96
Could you please tell me about the following? If I want to limit memory usage for a search, is it correct to think th...
by human96 Communicator in Splunk Enterprise Security 02-17-2022
pizzor
Been getting messages saying that some identities are exceeding the field limits. I've increased the limit on some of...
by pizzor Path Finder in Splunk Enterprise Security 02-17-2022
Mukunda7
We have some firewall devices sending data to one index previously. Now I have to create new index for some of the de...
by Mukunda7 Explorer in Splunk Enterprise Security 02-16-2022
human96
Is there a way to execute the following process of the OS? - Cluster master server (Splunk Enterprise installed) ...
by human96 Communicator in Splunk Enterprise Security 02-15-2022
engmohdissam
Greetings! I need to know how I can find the most use cases trigger alerts in Splunk. Is there any specific search qu...
by engmohdissam New Member in Splunk Enterprise Security 02-11-2022
deepdiver
How would I find sAMAccountName(s) - more than one. I have tried boolean operators and(&) or(|) to no avail. Currentl...
by deepdiver Loves-to-Learn Everything in Splunk Enterprise Security 02-10-2022
Stefanie
Hello everyone! I'm looking for assistance with fine-tuning Enterprise Security. I've been working hard with configurin...
by Stefanie Builder in Splunk Enterprise Security 02-10-2022
yawdeals
I need help on how I can tune the search below. It creates too much noise. I will like to know what steps I can use t...
by yawdeals New Member in Splunk Enterprise Security 02-09-2022
tmkunte
How do I find out which data model a particular app "maps" to? Specifically the Cisco security suite ... I see it is ...
by tmkunte Engager in Splunk Enterprise Security 02-08-2022
TheBravoSierra
Hi, I'm having an issue with my deployer and search head cluster while upgrading enterprise security. In step 8 of th...
by TheBravoSierra Path Finder in Splunk Enterprise Security 02-02-2022
joshuahuang1
I recently installed brand new Splunk 8.2.2, then installed Splunk ES 6.6.0 on it, after Splunk ES installed and conf...
by joshuahuang1 Engager in Splunk Enterprise Security 02-02-2022
securitypaul
Hello everyone. I'm looking for some assistance with a problem where I get differing search results from what should ...
by securitypaul Explorer in Splunk Enterprise Security 02-02-2022
NightShark
Hello, I would like to assign random new "unassigned" notables to a specific user. I wanted to accomplish this via a sa...
by NightShark Path Finder in Splunk Enterprise Security 02-01-2022
sohailmohammed
Hello there, I get different results when I run a rest call. For example I ran a rest command to bring all the dashbo...
by sohailmohammed Path Finder in Splunk Enterprise Security 01-31-2022
WildHuckleberry
Hello Splunkers, is there any way to change that red box name as a test? Thank you in advance
by WildHuckleberry Path Finder in Splunk Enterprise Security 01-27-2022
Pablo00
Hello, any ideas how can I check RDP attempts or connections in Splunk? Many thanks
by Pablo00 Explorer in Splunk Enterprise Security 01-26-2022
vagnet
Hi Splunkers, I have an issue merging two identity lookup files on ES. In particular, my first lookup file has rows li...
by vagnet Explorer in Splunk Enterprise Security 01-26-2022
astatrial
Hi all, I am having a huge problem with ES on Splunk v8.0. I upgraded my instance and when I tried to upgrade ...
by astatrial Contributor in Splunk Enterprise Security 01-20-2022
b_chris21
Hello everyone, I have read the documentation about exporting Splunk ES content as an app: https://docs.splunk.com/Docu...
by b_chris21 Communicator in Splunk Enterprise Security 01-20-2022
ezmo1982
Hi, I am trying to figure out a way in which I can display the creation time of notable event, the time it was assigne...
by ezmo1982 Path Finder in Splunk Enterprise Security 01-20-2022
saurabhkharkar
I was able to find the date when the correlation search was last updated, but can't seem to find the original creation...
by saurabhkharkar Path Finder in Splunk Enterprise Security 01-20-2022
SamHTexas
I am getting performance errors on the ES reg. many indexes used by users, specially the admin role. Any SPLs or dire...
by SamHTexas Builder in Splunk Enterprise Security 01-20-2022
gazoscreek
When I configure a correlation search with an Annotation of MITRE ATT&CK and create a notable, I don't see any eviden...
by gazoscreek Path Finder in Splunk Enterprise Security 01-19-2022
SamHTexas
On ES am getting warning messages the " two assets are exceeding the field limits set in the asset & identity managem...
by SamHTexas Builder in Splunk Enterprise Security 01-18-2022
dan_
LDAP authentication method is configured and users are showing on user settings page, but sometimes users not showing...
by dan_ Loves-to-Learn Lots in Splunk Enterprise Security 01-13-2022