Splunk Enterprise Security

Discussions

Thread Info

Log restoration process

Hello everyone, I am facing some issues with log restoration process from azure cloud to splunk . I have gone through...

by New Member in

Datamodel search for changing windows group member in datamodel

Hi there, I'd like to create a search to look for group membership changes in active directory. So far I've cre...

by Explorer in

Datasets and ideas for Splunk Enterprise Security

Hello the team, I am currently preparing a Splunk Lab for my office, and I need the datasets specially for Splunk E...

by Explorer in

How to synchronize Notable Event data with 3rd party incident management tool (TheHive)?

Hello, We’d like to synchronize Correlation Searches with our Incident management tool, The Hive. We could use TA-T...

by Communicator in

Using tokens within tokens in Notable Events

I have created a workflow action to send a Notable Event to ServiceNow to create an incident. I am unable to figure o...

by Engager in

Will you help me understand the extreme search app in Splunk Enterprise Security?

Hello Splunk Community, I am trying to get to the bottom of a question that I have been trying to answer for a cou...

by Path Finder in

In streams, the aggregation of a variable sets the name to "sum(var name)" which causes var name issues later

While getting Netflow data using streams, I aggregate a variable "bytes_in" as a sum of the bytes_in received in a fl...

by Explorer in

Connection not secure : splunk web with https when using internal cert

My settings in web.conf enableSplunkWebSSL = TrueprivKeyPath = /opt/splunk/etc/auth/myxxx/private.keyserverCert = /...

by Explorer in

KV Store initialization failed. Please contact your system administrator

KV Store initialization failed. Please contact your system administratorUnable to initialize modular input "microsoft...

by Explorer in

AWS Logs Not Mapping to Fields in Splunk ES Data Model Correctly

Hello, I'm currently running the Splunk App for AWS and am receiving the data without a problem into its own index...

by Explorer in

Why is the "summary.earliest_time" field from the REST API "/services/admin/summarization" showing epoch time 0?

After looking at the "Data Model Audit" dashboard in Splunk ES, in the "Acceleration Details" panel, we saw that some...

by Builder in

Extract only host name from the URL field-

Hi, I have a field "blockedUri" which can contain two types of value (string or URL). Below is an example : b...

by Observer in

How to parse ADFS Authentication logs for CIM compliance: Mixed XML and KV extraction

We utilize Microsoft Active Directory Federation Services for SSO integration with several cloud applications. We wou...

by Path Finder in

Passing fields into multiple searches w/out using Map Cmd

*I would typically use the map command for this, but it's currently broken and support is working to fix it That be...

by Engager in

Correlation Search - Search to either email or allow notable event to be fired.

We have some users asking for Notable Events and emails depending on search results. Example...If the number of err...

by Observer in

What is the difference between Splunk Enterprise and Splunk Enterprise Security ?

hii i'm new at Splunk and i want to know the difference between Splunk and Splunk security. I know that Splunk Enterp...

by Path Finder in

[PCI] Could you please elobrate logic for display of Compliance Status History view for security Posture

The issue is for the “PCI Compliance Posture” dashboard the View “Compliance Status History” is not showing data. It...

by Splunk Employee in

[PCI]Compliance Status History Scorecard In PCI Compliance -Not Rendering Data

VERSION=8.0.6ES version= version = 6.1.0Splunk_DA-ESS_PCICompliance=4.1.0Issue is for the “PCI Compliance Posture” da...

by Splunk Employee in

Splunk Enterprise Security Sandbox - where is the sample data?

Hi, I signed up for the 7-day Enterprise Security Sandbox trial. According to the web site, there is supposed to ...

by New Member in

Error in 'apply' command: Failed to load model "smb_pdfmodel": Model does not exist.

I tried to enable some use cases from Splunk ESCU and then I copied SPL command and run searching to test. It seems ...

by Splunk Employee in

Workflows dependent on the content of a field

I am working on improving usage of the risk framework within our instance of Splunk ES. At present there are a numb...

by Communicator in

accelerated datamodels API query

Hi Need you help with API query for getting accelerated datamodels statistics (usage and size) thanks!

by Explorer in

Spontaneous "Health Check" error messages reported on ES Search Head regardng "maxmind_geoip_asn_ipv6" failed download?

We are getting the following errors on our Enterprise Security Search Head and are wondering why and how to fix them:...

by Esteemed Legend in

I want to send the event_id of the notable event to jira service desk.

Hello I am trying to send the notable event to jira service desk Data fields such as rule name are transmitted no...

by Loves-to-Learn Lots in

Setup the Threat feed integration in ES

We are Planning to set up Threat feed integrate in ES, We have installed crowdstrike Intel add on and now need to set...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Log restoration process

Datamodel search for changing windows group member in datamodel

Datasets and ideas for Splunk Enterprise Security

How to synchronize Notable Event data with 3rd party incident management tool (TheHive)?

Using tokens within tokens in Notable Events

Will you help me understand the extreme search app in Splunk Enterprise Security?

In streams, the aggregation of a variable sets the name to "sum(var name)" which causes var name issues later

Connection not secure : splunk web with https when using internal cert

KV Store initialization failed. Please contact your system administrator

AWS Logs Not Mapping to Fields in Splunk ES Data Model Correctly

Why is the "summary.earliest_time" field from the REST API "/services/admin/summarization" showing epoch time 0?

Extract only host name from the URL field-

How to parse ADFS Authentication logs for CIM compliance: Mixed XML and KV extraction

Passing fields into multiple searches w/out using Map Cmd

Correlation Search - Search to either email or allow notable event to be fired.

What is the difference between Splunk Enterprise and Splunk Enterprise Security ?

[PCI] Could you please elobrate logic for display of Compliance Status History view for security Posture

[PCI]Compliance Status History Scorecard In PCI Compliance -Not Rendering Data

Splunk Enterprise Security Sandbox - where is the sample data?

Error in 'apply' command: Failed to load model "smb_pdfmodel": Model does not exist.

Workflows dependent on the content of a field

accelerated datamodels API query

Spontaneous "Health Check" error messages reported on ES Search Head regardng "maxmind_geoip_asn_ipv6" failed download?

I want to send the event_id of the notable event to jira service desk.

Setup the Threat feed integration in ES

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Is HUNK just a branded version of Splunk Enterpris...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query