Splunk Enterprise Security

Community Activity
syazwani
Hi, I'm trying to create a single value with trendline visualisation, where I want to compare the difference between to...
by syazwani Path Finder in Splunk Enterprise Security 10-19-2021
0 2
zacksoft_wf
I want to list all the 'Authentication' related content we have created in the ES App. Is there any SPL query to get t...
by zacksoft_wf Contributor in Splunk Enterprise Security 10-19-2021
0 6
ngwodo
I have one 1 primary index namely azure with 2 sourcetypes namely: mscs:kube-good and mscs:kube-audit-good.  I believ...
by ngwodo Path Finder in Splunk Enterprise Security 10-16-2021
0 1
SamHTexas
The following do not give the IP for the Splunk Enterprise Security (ES). Is there a better SPL to provide the list o...
by SamHTexas Builder in Splunk Enterprise Security 10-16-2021
0 7
Tony4688
Hi, I deployed Splunk distributed topology. Now my server Search Head has issue: KVStore is on failed state (it make a...
by Tony4688 Explorer in Splunk Enterprise Security 10-14-2021
0 10
b_chris21
Hello everyone, I have added an IP on local_intel_ip.csv and it now appears on Threat Artifact panel. The correlation ...
by b_chris21 Communicator in Splunk Enterprise Security 10-13-2021
0 1
ngwodo
How will I set up a data model that has Authentication and sub-sessions Default, insecure and Privileged Authenticati...
by ngwodo Path Finder in Splunk Enterprise Security 10-11-2021
0 3
ebs
Hi, According to the Splunk Docs page How urgency is assigned to notable events in Splunk Enterprise Security if I ass...
by ebs Communicator in Splunk Enterprise Security 10-11-2021
0 3
sdivya
Hi, I'm getting the below error when I'm trying to create a ticket from Splunk. I'm passing this value in custom fiel...
by sdivya Observer in Splunk Enterprise Security 10-08-2021
0 1
rupeshn
I'm trying to get why ess-admin role is present when it should not be assigned to users?
by rupeshn Explorer in Splunk Enterprise Security 10-07-2021
0 9
Ashoo
Hi There Experts, In our current environment we have Splunk Integration with CA UIM monitoring tools to send Splunk ...
by Ashoo Loves-to-Learn in Splunk Enterprise Security 10-07-2021
0 2
sahiltcs
I am looking for O365 use cases related to MS Teams, SharePoint, Exchange, OneDrive. Currently data is populate in ...
by sahiltcs Path Finder in Splunk Enterprise Security 10-06-2021
0 1
jm1
Is it possible to use data models from Common Information Model to use cases in splunk, if so, how can we do that 
by jm1 New Member in Splunk Enterprise Security 10-06-2021
0 1
neerajs_81
Hello, As per ES official documentation, it says below threat intel feeds are enabled by default. Mozilla Public Suffi...
by neerajs_81 Builder in Splunk Enterprise Security 10-05-2021
0 0
mjones414
We recently moved from a stand-alone ES splunk search head to a clustered splunk ES search head, and we've started to...
by mjones414 Contributor in Splunk Enterprise Security 10-05-2021
1 2
mookiie2005
What is the latest stable release of splunk 8.x?  We are planning a version upgrade from 7.3.5 to 8.x.  I have heard ...
by mookiie2005 Communicator in Splunk Enterprise Security 10-05-2021
1 1
renjujacob88
Hi Splunkers, In our environment, we have couple of unwanted threat groups and threat category list populated in the...
by renjujacob88 Path Finder in Splunk Enterprise Security 09-30-2021
0 1
jacqu3sy
Hi, I have a final value in minutes, but I'd like to display this in a more user friendly manner, i.e., 1680 minutes...
by jacqu3sy Path Finder in Splunk Enterprise Security 09-30-2021
0 11
skippycat
When we create new alerts for testing, we have the correlation search create the notable event with a status of "Test...
by skippycat Engager in Splunk Enterprise Security 09-30-2021
1 0
vamshikn72
Hi Splunkers, How to create Incidents on SNOW from Splunk SPL? We have "ServiceNow Event Integration" alert action in...
by vamshikn72 Explorer in Splunk Enterprise Security 09-28-2021
0 1
splunker1980
so before the update (was v6.4.1) we would edit the incident in 'incident review' ->  add a comment or change some st...
by splunker1980 New Member in Splunk Enterprise Security 09-27-2021
0 0
neerajs_81
Hi All, Any advice on how to go about finding coverage gaps in a typical ES installation? We are ingesting logs from AWS...
by neerajs_81 Builder in Splunk Enterprise Security 09-27-2021
0 0
Pavankumar
When I am configuring threat feeds in ES. In Intelligence Downloads setting there is Maximum age for threat intel dow...
by Pavankumar Loves-to-Learn Lots in Splunk Enterprise Security 09-22-2021
0 1
SamHTexas
I have Monitoring Console in distributed mode on my Cluster Master. Need to learn how do I configure it to show Alert...
by SamHTexas Builder in Splunk Enterprise Security 09-22-2021
0 1
zacksoft_wf
I have an eventtype that I want to delete, But before that I want to make sure that the eventtype isn't used anywhere...
by zacksoft_wf Contributor in Splunk Enterprise Security 09-21-2021
0 1