Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Has any great person here written a Back up / DR for Splunk ES? Any guidance is much appreciated.

I have Indexer clustering, SH clustering in a distributed environment.

by Builder in

time filter in rest apis

I want to fetch the results from triggered alerts from time T1 to T2. Tried passing the earliest_time or earliest ...

by Engager in

Endpoint datamodel

Hi, For "Endpoint datamodel" with specific to "sysmon" sourcetype, what are all the mandatory fields?

by Builder in

Splunk Recorded Future limited Risk List

Hi, Anyone has this issue, Risk lists are limited to 100,000 rows in Splunk for recorded future. Any ideas?

by New Member in

How to separately & automatically index drill down events of notables/incidents raised in ES

I use the inbuilt ES notables and incidents for creating the tickets for team to work on the issues. All the tickets...

by Path Finder in

Fortinet FortiGate APP: Data from different indexers and sources

Hi all, Have gone through my splunk answers and tried quite a few options in setting up a Fortinet Fortigate app. ...

by New Member in

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please.

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please. A...

by Builder in

Fortigate App not working

Hi The Fortinet Fortigate App for Splunk not working and Dashboards are empty. I have installed both the app includ...

by Explorer in

JIRA-service-desk integration with Splunk

Hi guys, I have installed the TA-jira-service-desk-simple-addon on our Splunk instance and everything went well dur...

by New Member in

JIRA Service Desk: Adaptive Response Action Cannot Be Dispatched, Unexpected Token < in JSON at position 0

Hey Splunk friends, Very new customers to splunk. Trying to find an easy way to create JIRA tickets from noteable...

by New Member in

Correaltion Search : Detect if an Acces Apache Log exist for a user who has triggered an event

Hello, We need to develop a Correlation Search to implement this algorithm : If a specific custom event (here tag...

by Explorer in

how to give data to the Splunk Enterprise security app in the splunk

Hello, I have the Splunk ES app in my splunk enterprise. but i can't see the data in my splunk enterprise security ...

by Explorer in

Making Dashboard from Incident Review Search or Making Dashboard from Investigation

So I'm sorry if this is a rather stupid question, but I have been thrown into creating a dashboard and I've only take...

by Path Finder in

Please advise on a Strategy dealing with increasing number of skipped / saved searches in ES? Thank u

Please advise on a Strategy dealing with increasing number of skipped / saved / deferred searches in Enterprise Secur...

by Builder in

Can anyone tell me why I am getting the following search error: "Error in 'rex' command: Invalid argument: 'NOT'"

Can anyone let me know why I am getting this error? | rex field=url "(?\w+\.\w+)\/" [| inputlookup IOCs-URLs.c...

by New Member in

Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u

Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u ...

by Builder in

Error after update - Threat Intel

Hello, After updating SES to version 6.4.0, the menu Configure > Data Enrichment > Threat intelligence Management ...

by Explorer in

Need help with reconfiguring LM and DMC on rebuilt linux server

We did rebuild existing server that hosted LM and DMC. I did install latest splunk on the rebuilt server. Copied conf...

by Communicator in

Is there a way to have a duration value account for weekends

So in python coding you can use rrule to assign weekends in weeks and subtract them from your calculation. I ask bec...

by Path Finder in

How do I search for rogue Server added to my environment including info about the Hacker(s)

by Builder in

firewall use cases

hi All, Pls could you share any links or document's for firewall usecases. Thanks in advance 

by Path Finder in

no latest update for ESCU

I saw on https://docs.splunk.com/Documentation/ESSOC/3.23.0/RN/Enhancements, there is 3.23 latest version for ESCU, b...

by Engager in

Find difference in days between today and another date

Hi, I have a creation_date field that has date format 2019-06-21 10:18:00 and then i created a field for today's da...

by Path Finder in

Risk Based alerting in SPLUNK ES

I want to enable risk based alerting as a part of threat hunting.Usecase- lf a malicious file is transmitted, risk sc...

by Loves-to-Learn Lots in

How to convert hours into days

Hi, I have the following duration format that i'd like to convert into days. Initial Format Desired...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Has any great person here written a Back up / DR for Splunk ES? Any guidance is much appreciated.

time filter in rest apis

Endpoint datamodel

Splunk Recorded Future limited Risk List

How to separately & automatically index drill down events of notables/incidents raised in ES

Fortinet FortiGate APP: Data from different indexers and sources

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please.

Fortigate App not working

JIRA-service-desk integration with Splunk

JIRA Service Desk: Adaptive Response Action Cannot Be Dispatched, Unexpected Token < in JSON at position 0

Correaltion Search : Detect if an Acces Apache Log exist for a user who has triggered an event

how to give data to the Splunk Enterprise security app in the splunk

Making Dashboard from Incident Review Search or Making Dashboard from Investigation

Please advise on a Strategy dealing with increasing number of skipped / saved searches in ES? Thank u

Can anyone tell me why I am getting the following search error: "Error in 'rex' command: Invalid argument: 'NOT'"

Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u

Error after update - Threat Intel

Need help with reconfiguring LM and DMC on rebuilt linux server

Is there a way to have a duration value account for weekends

How do I search for rogue Server added to my environment including info about the Hacker(s)

firewall use cases

no latest update for ESCU

Find difference in days between today and another date

Risk Based alerting in SPLUNK ES

How to convert hours into days

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions