Splunk Enterprise Security

Community Activity
Amire22
I would appreciate help from anyone who has encountered a similar problem: We are using Microsoft's E5 licensing with...
by Amire22 Explorer in Splunk Enterprise Security 07-20-2025
0 3
clacroixdurant
We noticed this morning that all the certificates for our Splunk servers have been expired for a week (discovered whilst ...
by clacroixdurant Explorer in Splunk Enterprise Security 07-16-2025
0 2
BJ17
Unable to update and save detections after upgrading to Splunk ES version 8.1.0. It says Detection ID is missing.  
by BJ17 Explorer in Splunk Enterprise Security 07-13-2025
0 4
lukasmecir
Hello, I have a problem with the Analyst Queue: I am not able to add a column to the Analyst Queue in the GUI. When I do this (using th...
by lukasmecir Path Finder in Splunk Enterprise Security 07-13-2025
0 2
AliMaher
Hi, I tried to use the Next Step of the correlation search: Ping - NSLOOKUP - Risk Analysis. I was lucky to find the res...
by AliMaher Path Finder in Splunk Enterprise Security 07-09-2025
0 0
DufferDave
We recently updated from Enterprise Security 7.3.2 to 8.0.4. Correlation searches are not updating the risk index....
by DufferDave Engager in Splunk Enterprise Security 06-30-2025
0 1
ramiiitnzv
I have a Developer License but I'm unable to download ES. Can anyone help me with this?
by ramiiitnzv New Member in Splunk Enterprise Security 06-27-2025
0 3
Daavid
Hi there, In Mission Control in our properly working Splunk environment, we see the following: This is exactly how we w...
by Daavid Loves-to-Learn Lots in Splunk Enterprise Security 06-25-2025
0 0
Sweets000
Hello, we deployed a new Splunk cluster containing a Cluster Manager, 3x SHC members, 6x Indexers. The cluster has hund...
by Sweets000 Engager in Splunk Enterprise Security 06-24-2025
0 5
tarun2505
Hi Team, could you help me integrate NextDNS (Community App) with Splunk? I have downloaded and configured the app b...
by tarun2505 Engager in Splunk Enterprise Security 06-16-2025
0 2
splunk_zen
As the default ES DMA schedule is every 5min, and the ACCELERATE_DM_Splunk_SA_CIM*ACCELERATE jobs TTL is 24h, our di...
by splunk_zen Builder in Splunk Enterprise Security 06-16-2025
0 5
Amire22
Hello, I have a search head configured with assets and identity from the current AD domain. I have 5 more AD domains without...
by Amire22 Explorer in Splunk Enterprise Security 06-12-2025
0 2
vy
Hi Team, I have a notable event (Excessive Failed Logins on Multiple Targets) that I'm expecting to see the "dest" fie...
by vy Explorer in Splunk Enterprise Security 06-11-2025
0 4
splunker21666
Hi, I would like to add an additional Threat Intelligence Feed to the collection of the Intelligence Downloads in Enter...
by splunker21666 Engager in Splunk Enterprise Security 06-04-2025
2 1
hikan
Hi, We are using Splunk Enterprise on-premise. Now, I launched another one with a trial license and I would like to tes...
by hikan Engager in Splunk Enterprise Security 06-04-2025
0 1
SCK
Context: We have Splunk ES set up on-prem. We want to extract the required payloads through queries, generate scheduled ...
by SCK Loves-to-Learn in Splunk Enterprise Security 05-28-2025
0 2
jagan_jijo
Hi everyone, I'm working on improving our incident response and monitoring setup using Splunk, and I have a few questi...
by jagan_jijo Engager in Splunk Enterprise Security 05-23-2025
0 3
vikashumble
Hello All, I have a question which I am not able to find an answer for. Hence looking for ideas, suggestions etc from ...
by vikashumble Explorer in Splunk Enterprise Security 05-22-2025
0 2
Eric_Rak
Environment: Splunk Enterprise 9.x (Windows, On-Prem); Domain: mydomain.duckdns.org (via DuckDNS); Certbot for Let’s Encry...
by Eric_Rak Loves-to-Learn Lots in Splunk Enterprise Security 05-20-2025
0 1
kneubi
Hi, we upgraded our ES7 to ES8 on-prem and are testing it. We currently have the issue that the created investigations ...
by kneubi Engager in Splunk Enterprise Security 05-15-2025
0 4
koshyk
Hi folks, the scenario is like below: have Enterprise Security (ESS) in Splunk Cloud + ESCU (content updates) as part...
by koshyk Super Champion in Splunk Enterprise Security 05-13-2025
0 2
Nawab
I have installed ES on the deployer as suggested by the Splunk docs, then transferred this app to /opt/splunk/etc/shcluster/ap...
by Nawab Communicator in Splunk Enterprise Security 05-08-2025
0 8
666Meow
Support Portal is broken and I am unable to submit a case due to one of the required fields being unable to select (se...
by 666Meow Explorer in Splunk Enterprise Security 04-30-2025
0 3
WorapongJ
I am trying to create a new finding-based detection to group findings together when the risk score exceeds a threshol...
by WorapongJ Explorer in Splunk Enterprise Security 04-28-2025
0 0
siv
Can Splunk read a CSV file located on a remote server using a forwarder and automatically upload it as a lookup? What ...
by siv Explorer in Splunk Enterprise Security 04-25-2025
0 4