Splunk Enterprise Security

Community Activity
alekwisnia
Enterprise Security has a nice Glass Table feature. I'm wondering if it is possible to include it within dashboard? O...
by alekwisnia Explorer in Splunk Enterprise Security 09-18-2020
0 2
ansusabu
I was trying to create a manual notable event using "sendalert notable". But the name of the notable is coming as "Ma...
by ansusabu Communicator in Splunk Enterprise Security 09-18-2020
0 4
malvidin
The Owner selection in Incident Review filters by the account "Full name", but the Investigations filter to add users...
by malvidin Communicator in Splunk Enterprise Security 09-16-2020
0 0
nareerat_pr
How can I set up an email alert to notify someone who is assigned the incident from the incident review page?
by nareerat_pr Explorer in Splunk Enterprise Security 09-16-2020
0 1
jogonz20
I am trying to figure out how I can track the timestamp whenever I changed the status of any recently opened investig...
by jogonz20 Explorer in Splunk Enterprise Security 09-14-2020
0 2
d_lim
Hi all, I'm having these error messages - Streamed seach execute failed beacuse: Error in 'lookup' command: Could not c...
by d_lim Path Finder in Splunk Enterprise Security 09-11-2020
0 1
venkasplunk
Hi all, Just installed splunk security essentials app and after that did a "Start Searches", it's running for long t...
by venkasplunk New Member in Splunk Enterprise Security 09-10-2020
0 3
saotaigiri
Please I am looking for a query to search for the top alerts that fired within 2 weeks (or within a time frame). I am ...
by saotaigiri Path Finder in Splunk Enterprise Security 09-10-2020
0 1
ololdach
Hi fellow Splunkers, I've stumbled upon a cool piece of code, namely the ASX app that allows you to load configuratio...
by ololdach Builder in Splunk Enterprise Security 09-10-2020
0 0
alekwisnia
I need an action for an incident responder to send a selected event's data via email. I can define notable actions, b...
by alekwisnia Explorer in Splunk Enterprise Security 09-10-2020
0 1
Splunkometry88
Hi Team, I am searching to confirm the SPL to poll a KV Store check the status of the es_notable_events when a status c...
by Splunkometry88 Explorer in Splunk Enterprise Security 09-10-2020
0 3
d_lim
Hello, so I was looking at my metadata/local.meta and it is only the following 4 lines: [savedsearches/mysavedsearch] o...
by d_lim Path Finder in Splunk Enterprise Security 09-09-2020
0 3
armanih
Hi All, I have two indexes. Index A | table email_users Index B | table email, Group email_users and email fields contain...
by armanih Explorer in Splunk Enterprise Security 09-08-2020
0 3
FranziskaHodbod
I would like to integrate an app or add-on into Splunk that enables employees in the company to bring anomalies into ...
by FranziskaHodbod New Member in Splunk Enterprise Security 09-08-2020
0 1
mounavignesh
I'm not able to search cloud-front logs from S3. There is no results. But I'm able to search ELB logs and Cloud-trail...
by mounavignesh New Member in Splunk Enterprise Security 09-07-2020
0 0
nareerat_pr
I've created a correlation search, then I want to add the send email response action with a link to this rule that sh...
by nareerat_pr Explorer in Splunk Enterprise Security 09-07-2020
0 1
josephliion
Hi there, I noticed that the URL path for the MaxMind ASN Database has changed on, to another path, and the siem can ...
by josephliion Explorer in Splunk Enterprise Security 09-04-2020
3 7
Splunkometry88
Hi Team, I am looking to send an email alert once the notable event is closed, I can send an email when the notable eve...
by Splunkometry88 Explorer in Splunk Enterprise Security 09-04-2020
0 1
jadengoho
Why do we encounter this "Does not meet the recommended minimum system" only for ESSH03 even though all of the syst...
by jadengoho Builder in Splunk Enterprise Security 09-04-2020
0 3
Splunkometry88
Hi all, I have a threat feed that is available via using an API key only, I could not see any way to add the API key to...
by Splunkometry88 Explorer in Splunk Enterprise Security 09-04-2020
0 1
astatrial
Hi everyone, Introduction: We have Palo Alto products, and we have also installed the appropriate add-on and apps. We m...
by astatrial Contributor in Splunk Enterprise Security 09-03-2020
0 2
vik_splunk
Hi All, We notice a seemingly weird behaviour where modifying the notable severity in a correlation search brings up h...
by vik_splunk Communicator in Splunk Enterprise Security 09-02-2020
0 6
Laszlo_K
Enabled 3 ESCU rules in ES and mapped them in SSE using Content Introspection on the Manage Bookmarks page. After a Re...
by Laszlo_K Explorer in Splunk Enterprise Security 09-02-2020
0 0
abhinav_go
Hi, Can anyone provide me approach/steps for integrating threat intelligence framework to Splunk ES. Also, how to pul...
by abhinav_go Explorer in Splunk Enterprise Security 09-01-2020
1 0
jaracan
Hi Team, We are planning to upgrade from Splunk Enterprise v7.2.9.1 to Splunk Enterprise v8.0.x on the next few months...
by jaracan Communicator in Splunk Enterprise Security 09-01-2020
0 1