Splunk Enterprise Security

Community Activity
D77
In Splunk v7 we used to search index=_internal to find events that contained GET AND "/results/export?output" This pr...
by D77 Loves-to-Learn Lots in Splunk Enterprise Security 08-30-2025
0 6
MsF-2000
Hi All I am trying to add new lines in mail body of the already scheduled export as PNG, when clicked on the dashboar...
by MsF-2000 Path Finder in Splunk Enterprise Security 08-30-2025
0 0
fraserphillips
Sorry if this is a simple question, or one that may have been solved before. I haven't located anything to help yet....
by fraserphillips Engager in Splunk Enterprise Security 08-25-2025
0 5
Joei
After pulling cases from ES to Phantom a certain label is assigned to the event, later it is automatically promoted ...
by Joei Engager in Splunk Enterprise Security 08-24-2025
0 1
alatif113
Is there a way to automatically escalate a finding (or set of findings) to an investigation in Splunk Enterprise Secu...
by alatif113 New Member in Splunk Enterprise Security 08-20-2025
0 1
bishtk
Dear all, Facing an issue wherein few notables urgency getting changed post getting autoclose. I refer to Splunk docs ...
by bishtk Communicator in Splunk Enterprise Security 08-14-2025
0 2
richardphung
Greetings-- I installed SA-Investigator on our ESSearchHead, but I do not understand how to launch the App. It appea...
by richardphung Communicator in Splunk Enterprise Security 08-08-2025
1 3
pdgill314
So, I have been struggling with this for a few days. I have thrown it against generative AI and not getting exactly w...
by pdgill314 Path Finder in Splunk Enterprise Security 08-05-2025
0 2
Dolly
Why do we find postgres in /apps/splunk/splunkforwarder/quarantined_files/bin/postgres even if we have upgraded to 9....
by Dolly Explorer in Splunk Enterprise Security 08-04-2025
0 4
DeanDeleon0
We're trying to customize the Meantime to Triage and Meantime to Resolution queries in the ES Executive Summary das...
by DeanDeleon0 Path Finder in Splunk Enterprise Security 08-01-2025
0 0
Giancarlo_Pasq
Hi, I need to create an investigation with SOAR. When I create the investigation, it doesn't link the Finding to the In...
by Giancarlo_Pasq New Member in Splunk Enterprise Security 08-01-2025
0 0
hl
Hello, I see there are lots of Cisco event based detections and not many Palo Alto or Check Point (fw, ids/ips, thr...
by hl Path Finder in Splunk Enterprise Security 07-29-2025
0 2
ejahnke
Hello fellow ES 8.X enjoyer. We have a few Splunk Cloud customers that got upgraded to ES 8.1. We have noticed that all ...
by ejahnke Explorer in Splunk Enterprise Security 07-29-2025
1 3
AliMaher
Hello Splunker, I hope you all are doing well. I prepare to take the SPLK-3001 Exam, and I want to know the Self-Stud...
by AliMaher Path Finder in Splunk Enterprise Security 07-25-2025
0 2
Amire22
I would appreciate help from anyone who has encountered a similar problem: We are using Microsoft's E5 licensing with...
by Amire22 Explorer in Splunk Enterprise Security 07-20-2025
0 3
clacroixdurant
We noticed this morning that all the certificates for our Splunk servers are expired since a week (discovered whilst ...
by clacroixdurant Explorer in Splunk Enterprise Security 07-16-2025
0 2
BJ17
Unable to update and save detections after upgrading to Splunk ES version 8.1.0. It says Detection ID is missing.  
by BJ17 Explorer in Splunk Enterprise Security 07-13-2025
0 4
lukasmecir
Hello, I have a problem with Analyst Queue: I am not able to add a column to Analyst Queue in GUI. When I do this (using th...
by lukasmecir Path Finder in Splunk Enterprise Security 07-13-2025
0 2
AliMaher
Hi, I tried to use the Next Step of the correlation search: Ping - NSLOOKUP - Risk Analysis. I was lucky to find the res...
by AliMaher Path Finder in Splunk Enterprise Security 07-09-2025
0 0
DufferDave
We recently updated from Enterprise Security 7.3.2 to 8.0.4. Correlation searches are not updating the risk index....
by DufferDave Engager in Splunk Enterprise Security 06-30-2025
0 1
ramiiitnzv
I'm having Developer License but I'm unable to download the ES. Can anyone help me in this?
by ramiiitnzv New Member in Splunk Enterprise Security 06-27-2025
0 3
Daavid
Hi there, In Mission Control in our properly working Splunk environment, we see the following: This is exactly how we w...
by Daavid Loves-to-Learn Lots in Splunk Enterprise Security 06-25-2025
0 0
Sweets000
Hello, We deployed a new Splunk cluster containing a Cluster Manager, 3x SHC members, 6x Indexers. The cluster has hund...
by Sweets000 Engager in Splunk Enterprise Security 06-24-2025
0 5
tarun2505
Hi Team, Could you help me integrating NextDNS (Community App) with Splunk. I have downloaded and configured the app b...
by tarun2505 Engager in Splunk Enterprise Security 06-16-2025
0 2
splunk_zen
As the default ES DMA schedule is every 5min, and the ACCELERATE_DM_Splunk_SA_CIM*ACCELERATE jobs TTL is 24h, our di...
by splunk_zen Builder in Splunk Enterprise Security 06-16-2025
0 5