Splunk Enterprise Security

Community Activity
muradgh
Hi all! I have been trying to automate a task lately, so I'm able to edit one notable event using the API just fine, bu...
by muradgh Path Finder in Splunk Enterprise Security 12-06-2020
0 0
nishu3788
Hi Everyone, Can someone help me? How can I form a Splunk Notable URL when I have the Notable id (event_id)? The use case i...
by nishu3788 Explorer in Splunk Enterprise Security 12-02-2020
0 0
ebs
In the Splunk environment some of the assets have variable host names. Is there a way we can map an additional 'host'...
by ebs Communicator in Splunk Enterprise Security 12-01-2020
0 1
Rbsplunk95
Hello everyone, I am facing some issues with the log restoration process from Azure cloud to Splunk. I have gone through...
by Rbsplunk95 New Member in Splunk Enterprise Security 12-01-2020
0 1
eriklp
Hi there, I'd like to create a search to look for group membership changes in active directory. So far I've created t...
by eriklp Explorer in Splunk Enterprise Security 12-01-2020
0 1
badr_boukari
Hello team, I am currently preparing a Splunk Lab for my office, and I need the datasets specially for Splunk Ente...
by badr_boukari Explorer in Splunk Enterprise Security 11-30-2020
1 4
woodentree
Hello, We’d like to synchronize Correlation Searches with our Incident management tool, The Hive. We could use TA-Theh...
by woodentree Communicator in Splunk Enterprise Security 11-28-2020
0 4
hunterar
I have created a workflow action to send a Notable Event to ServiceNow to create an incident. I am unable to figure o...
by hunterar Engager in Splunk Enterprise Security 11-26-2020
0 2
Tylerdygert
Hello Splunk Community, I am trying to get to the bottom of a question that I have been trying to answer for a coupl...
by Tylerdygert Path Finder in Splunk Enterprise Security 11-26-2020
0 3
blaise
While getting Netflow data using streams, I aggregate a variable "bytes_in" as a sum of the bytes_in received in a fl...
by blaise Explorer in Splunk Enterprise Security 11-25-2020
0 0
Ksr1982
My settings in web.conf: enableSplunkWebSSL = True privKeyPath = /opt/splunk/etc/auth/myxxx/private.key serverCert = /opt...
by Ksr1982 Explorer in Splunk Enterprise Security 11-24-2020
1 1
krvamsireddy
KV Store initialization failed. Please contact your system administrator Unable to initialize modular input "microsoft...
by krvamsireddy Explorer in Splunk Enterprise Security 11-23-2020
0 2
luongg
Hello, I'm currently running the Splunk App for AWS and am receiving the data without a problem into its own index i...
by luongg Explorer in Splunk Enterprise Security 11-23-2020
0 3
hettervik
After looking at the "Data Model Audit" dashboard in Splunk ES, in the "Acceleration Details" panel, we saw that some...
by hettervik Builder in Splunk Enterprise Security 11-23-2020
0 0
yat135
Hi, I have a field "blockedUri" which can contain two types of value (string or URL). Below is an example: blockedUri...
by yat135 Observer in Splunk Enterprise Security 11-20-2020
0 1
stroud_bc
We utilize Microsoft Active Directory Federation Services for SSO integration with several cloud applications. We wou...
by stroud_bc Path Finder in Splunk Enterprise Security 11-19-2020
0 4
McThunderStick
*I would typically use the map command for this, but it's currently broken and support is working to fix it. That being...
by McThunderStick Engager in Splunk Enterprise Security 11-19-2020
0 2
llmillerjr
We have some users asking for Notable Events and emails depending on search results. Example... If the number of errors...
by llmillerjr Observer in Splunk Enterprise Security 11-18-2020
0 1
neermine
Hi, I'm new at Splunk and I want to know the difference between Splunk and Splunk security. I know that Splunk Enterp...
by neermine Path Finder in Splunk Enterprise Security 11-13-2020
0 3
rbal_splunk
The issue is for the “PCI Compliance Posture” dashboard: the View “Compliance Status History” is not showing data. It...
by rbal_splunk Splunk Employee in Splunk Enterprise Security 11-12-2020
0 1
rbal_splunk
VERSION=8.0.6 ES version= version = 6.1.0 Splunk_DA-ESS_PCICompliance=4.1.0 Issue is for the “PCI Compliance Posture” da...
by rbal_splunk Splunk Employee in Splunk Enterprise Security 11-12-2020
0 1
jonscheele
Hi, I signed up for the 7-day Enterprise Security Sandbox trial. According to the web site, there is supposed to be sam...
by jonscheele New Member in Splunk Enterprise Security 11-12-2020
0 2
BenzSann
I tried to enable some use cases from Splunk ESCU and then I copied the SPL command and ran a search to test. It seems ...
by BenzSann Splunk Employee in Splunk Enterprise Security 11-11-2020
0 1
sheamus69
I am working on improving usage of the risk framework within our instance of Splunk ES. At present there are a number ...
by sheamus69 Communicator in Splunk Enterprise Security 11-09-2020
0 2
havatz
Hi, need your help with an API query for getting accelerated datamodels statistics (usage and size). Thanks!
by havatz Explorer in Splunk Enterprise Security 11-08-2020
0 2