Splunk Enterprise Security

Discussions

Thread Info

i want to write regular expression with the field i have a field called "file_name"

i have a field name is file_name in that field value is there ex: file_name= Operating System-Linux-Server-Support...

by New Member in

How to search for brute force logins coming from an external source only?

Guys, I am trying to specifically see if I can distinguish when the login attempts are coming from an external source...

by New Member in

Help required on comparing two field values?

Hi Team, I got two field values: field1=xyz.com; field2=abc.xyz.com Now i want to compare these two values e...

by New Member in

Export pages as CSV

How can we export 'Data inputs » Intelligence Downloads' & 'Content Management' pages as CSV?

by New Member in

Splunk ES Threat Artifacts dashboard don't working

Hi splunkers, My entprise security threat artifacts dashboard doesn't working. It's stuck in "search waiting for i...

by Path Finder in

Splunk Enterprise upgrade: Does Enterprise Security version need compatibility with old and new versions?

I am looking to upgrade Splunk Enterprise from 6.6.9 to 8.0.x. I understand this will take at least one intermediary ...

by Explorer in

How to send log file by using Universal Forwarder

Hello, The following process variable logs are created in my system. Time | Target | Variable | Status 00:00:0...

by Explorer in

How to enable master node on all indexers ?

Hi All , I am working in cluster environment with 16 prod indexers, and one separate cluster master node. if I ...

by Engager in

Multiple events are coming into a single event

When ingesting Guardicore logs into Splunk. Multiple events are being combined into a single event. Date marks the be...

by New Member in

can some explain this search please

my search |eval _time= strftime(_time, "%Y-%m-%d")|stats latest(AssetRiskScore) as score by _time AssetNames | sort 0...

by Explorer in

ES glass tables export

Hello, I'm using Entreprise security glass tables to show IT security indicators. Is it possible to export ES glas...

by New Member in

Table out results by identifying patterns in a string field

I would like to get results by identifying a patterns with in string filed based on the string match/pattern/occurren...

by Engager in

Alert not triggering

Hi all, I have created an alert with this simple query: index=foo host="bar" action=fail | stats count by user ...

by Explorer in

Source(App, device, hostname) of logs

I want to find source of logs from where we are receiving logs, like datamodel is ingesting logs from which source an...

by New Member in

Does Git Version Control for Splunk support Search Head cluster?

Installation instructions do not mention anything specific to using this Git Version Control for Splunk app in a Sear...

by Ultra Champion in

How to find out active and inactive users from last 30 days in splunk ES without using "reset"

i need a query for all active and inactive users which are in Splunk ES with out using "reset" key

by New Member in