Splunk Enterprise Security

Discussions

Thread Info

LDAP Search= Command

How do you use the search= command with lpdasearch or lpdafilter? I seen examples where they are using search="(objec...

by New Member in

Is it possible to filter data coming through Elasticsearch Modular Input without changing the configuration or data indices on ES?

Hi All, I have enabled the Modular Input for Elasticsearch(ES) and I am able to get in the data. My sample data is...

by Explorer in

Compare today's values to the week's median without join

Hello there, I'm have a search that get the events atributed to "N" number of users, and I would like to compare t...

by Engager in

CBResponse app compatibility plans for Splunk 8.x?

Will the CB Response app be compatible with Splunk 8.x anytime soon? Or does anyone have a workaround for errors that...

by Path Finder in

ignore timestamp greater than 2 days

two time fields per event: _time (default eventfield for Splunk) occurtime (timestamp within body of event) I only...

by Observer in

Title in Email from Correlation Search

I have looked at the SPLUNK documentation (https://docs.splunk.com/Documentation/Splunk/7.2.9/Alert/EmailNotification...

by Contributor in

Is it advisable to implement Splunk ES using SmartStore in a 2-site configuration?

According to https://docs.splunk.com/Documentation/Splunk/8.0.3/Indexer/AboutSmartStore#Current_restrictions_on_Smart...

by New Member in

how to check the retention SET time that data are being deleted using CLI and query into splunk?

Hello All, Hope You're well. how to check the retention SET time that data are being deleted using CLI and query i...

by Communicator in

Why I need to backup Indexes,Configuration files etc..

Hi Splunkers, I have a concern where splunk says "If you use a .tar file, expand it into the same directory with t...

by Explorer in

Anyone using F5 GTM's and using the logs for anything?

We have an idea to use the logs from these systems for DDOS detections. Was wondering if anyone has props\transfers t...

by Path Finder in

Invalid account error when trying to access ES Sandbox instance URL?

Hi, I just tried to deploy a Splunk ES Sandbox and also registered a new account at the same time. The flow was ro...

by Engager in

Network data statics dashboard

Hello, I have request to collect all network data based allowed denyed and dropped traffic info from various netw...

by Path Finder in

How to use time range from time picker in dashboard search?

I just added a time picker to one of my dashboards. One of the panels in this dashboard is showing "new" vulnerabilit...

by Path Finder in

I know Splunk doesn't have an official Data Model for Containers, does anyone have one that they are using?

I don't know if data model:Containers are on Splunk's road map. or if there's a official data model that supports the...

by New Member in

i want to write regular expression with the field i have a field called "file_name"

i have a field name is file_name in that field value is there ex: file_name= Operating System-Linux-Server-Support...

by New Member in

How to search for brute force logins coming from an external source only?

Guys, I am trying to specifically see if I can distinguish when the login attempts are coming from an external source...

by New Member in

Help required on comparing two field values?

Hi Team, I got two field values: field1=xyz.com; field2=abc.xyz.com Now i want to compare these two values e...

by New Member in

Export pages as CSV

How can we export 'Data inputs » Intelligence Downloads' & 'Content Management' pages as CSV?

by New Member in

Splunk ES Threat Artifacts dashboard don't working

Hi splunkers, My entprise security threat artifacts dashboard doesn't working. It's stuck in "search waiting for i...

by Path Finder in

Splunk Enterprise upgrade: Does Enterprise Security version need compatibility with old and new versions?

I am looking to upgrade Splunk Enterprise from 6.6.9 to 8.0.x. I understand this will take at least one intermediary ...

by Path Finder in

How to send log file by using Universal Forwarder

Hello, The following process variable logs are created in my system. Time | Target | Variable | Status 00:00:0...

by Explorer in

How to enable master node on all indexers ?

Hi All , I am working in cluster environment with 16 prod indexers, and one separate cluster master node. if I ...

by Engager in

Multiple events are coming into a single event

When ingesting Guardicore logs into Splunk. Multiple events are being combined into a single event. Date marks the be...

by New Member in

can some explain this search please

my search |eval _time= strftime(_time, "%Y-%m-%d")|stats latest(AssetRiskScore) as score by _time AssetNames | sort 0...

by Explorer in

ES glass tables export

Hello, I'm using Entreprise security glass tables to show IT security indicators. Is it possible to export ES glas...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

LDAP Search= Command

Is it possible to filter data coming through Elasticsearch Modular Input without changing the configuration or data indices on ES?

Compare today's values to the week's median without join

CBResponse app compatibility plans for Splunk 8.x?

ignore timestamp greater than 2 days

Title in Email from Correlation Search

Is it advisable to implement Splunk ES using SmartStore in a 2-site configuration?

how to check the retention SET time that data are being deleted using CLI and query into splunk?

Why I need to backup Indexes,Configuration files etc..

Anyone using F5 GTM's and using the logs for anything?

Invalid account error when trying to access ES Sandbox instance URL?

Network data statics dashboard

How to use time range from time picker in dashboard search?

I know Splunk doesn't have an official Data Model for Containers, does anyone have one that they are using?

i want to write regular expression with the field i have a field called "file_name"

How to search for brute force logins coming from an external source only?

Help required on comparing two field values?

Export pages as CSV

Splunk ES Threat Artifacts dashboard don't working

Splunk Enterprise upgrade: Does Enterprise Security version need compatibility with old and new versions?

How to send log file by using Universal Forwarder

How to enable master node on all indexers ?

Multiple events are coming into a single event

can some explain this search please

ES glass tables export

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Editing the alert that is sent to PagerDuty

Is it possible to make it mandatory to assign Owne...

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...