Splunk Enterprise Security

Community Activity
koshyk
Hi folks, the scenario is like below - have Enterprise security (ESS) in Splunk cloud + ESCU (content updates) as part...
by koshyk Super Champion in Splunk Enterprise Security 05-13-2025
0 2
Nawab
I have installed ES on deployer as suggested by Splunk docs, then transferred this app to /opt/splunk/etc/shcluster/ap...
by Nawab Communicator in Splunk Enterprise Security 05-08-2025
0 8
666Meow
Support Portal is broke and I am unable to submit a case due to one of the required fields being unable to select (se...
by 666Meow Explorer in Splunk Enterprise Security 04-30-2025
0 3
WorapongJ
I am trying to create a new finding-based detection to group findings together when the risk score exceeds a threshol...
by WorapongJ Explorer in Splunk Enterprise Security 04-28-2025
0 0
siv
Can Splunk read a CSV file located on a remote server using a forwarder and automatically upload it as a lookup? what ...
by siv Explorer in Splunk Enterprise Security 04-25-2025
0 4
sureshkumaar
Hi All, I have 4 Heavy forwarder servers sending data through 5 indexers server1 acts as syslog server which has...
by sureshkumaar Path Finder in Splunk Enterprise Security 04-23-2025
0 4
splunkreal
Hello, we would like to filter ES incident review and hide notables with TEST keyword by example, how to do? Thanks f...
by splunkreal Motivator in Splunk Enterprise Security 04-18-2025
0 6
EFonua
We have an alert showing users that are authenticating after working hours for security reasons, I'm sure y'all famil...
by EFonua Observer in Splunk Enterprise Security 04-17-2025
0 1
agentsofshield
Hello, I've recently encountered a problem with the severity level within the ARAs, my current severity level for thi...
by agentsofshield Path Finder in Splunk Enterprise Security 04-10-2025
0 1
mooredaCIP
Good day. I work in a heavily regulated critical infrastructure environment. Our compliance change management require...
by mooredaCIP Engager in Splunk Enterprise Security 04-08-2025
0 2
anissabnk
Hello, I'm having a problem with the colouring of a column in my table. I need to colour the AverageExecutionTime colu...
by anissabnk Path Finder in Splunk Enterprise Security 04-03-2025
0 6
Sai-08
Hello everyone, I need help with determining the time needed from an analyst to investigate the alert and close it...
by Sai-08 New Member in Splunk Enterprise Security 04-02-2025
0 3
SOClife
All, We are investigating a move from v7 to v8. We currently rely heavily on the Investigation API however per the...
by SOClife Engager in Splunk Enterprise Security 04-01-2025
0 3
kmahanta_17
Hi Folks, Can anyone suggest or help me out on how to get prep for Splunk administration certification course and whic...
by kmahanta_17 Explorer in Splunk Enterprise Security 03-26-2025
0 3
WhitneySink
REGISTER HERE Tuesday, April 8, 2025  |  9AM–9:30AM PT Pizza Hut's Story of a Successful Migration for Greater Reliab...
by WhitneySink Splunk Employee in Splunk Enterprise Security 03-25-2025
0 0
BRFZ
Hello, I am currently working on configuring Splunk Enterprise Security app, I already have data flowing into Splunk E...
by BRFZ Communicator in Splunk Enterprise Security 03-24-2025
0 3
sureshkumaar
in regex101.com, tested below REGEX it was working Updated below props.conf and transforms.conf in deployment server a...
by sureshkumaar Path Finder in Splunk Enterprise Security 03-22-2025
0 2
ronan_duffy
Hi all, Since the redesign of the new Incident Review page, we appear to have lost the ability to search for Notables...
by ronan_duffy Engager in Splunk Enterprise Security 03-17-2025
0 2
abhijitnath89
Hi All, I am using Splunk ES. We create short Ids for notables. How can we search the notables using short id as filter...
by abhijitnath89 Path Finder in Splunk Enterprise Security 03-17-2025
0 2
KKuser
I'm trying to create a report that includes the following information and want to schedule it to run monthly. I need ...
by KKuser Path Finder in Splunk Enterprise Security 03-17-2025
0 4
vpantangi
Is there a search query to give the list of all the knowledge objects that are enabled in ES, I want to have list of...
by vpantangi Path Finder in Splunk Enterprise Security 03-17-2025
0 12
Vignesh
Is there a REST API available for Notable Suppression? To get the suppression details and modify them via REST API
by Vignesh Explorer in Splunk Enterprise Security 03-15-2025
0 6
bmer
I have a Splunk where one of the eval method as part of main Splunk query is as below. I am not sure why SnapshotTimest...
by bmer Explorer in Splunk Enterprise Security 03-14-2025
0 4
MU2DOD
Greetings. We are currently using Splunk ES (on-prem) 7.3.3, I updated Splunk to version 9.4.1. Since the upgrade we'r...
by MU2DOD Loves-to-Learn in Splunk Enterprise Security 03-12-2025
0 3
Nawab
I have a lookup that has domain names, I am already using this lookup in a search and it's working fine, now I am tr...
by Nawab Communicator in Splunk Enterprise Security 03-04-2025
0 1