Splunk Enterprise Security

Thread Info

Match 2 log lines using common value and compare

Hi Guys, I'm new to Splunk and trying to achieve the below requirements. Please help me. If the system name is ...

by Explorer in

Splunk Enterprise Security Sandbox free trial cloud instance pre-populated data failed / Out of Storage

Created Splunk Enterprise Security Online Sandbox. pre-populated data is not visible on instance. Even Support pag...

by Engager in

is there a dashboard for tracking active Directory group changes and local host group changes?

We want to be able to use Splunk as an auditing tool for our groups local and to Active Directory groups. If changes ...

by New Member in

Splunk Enterprise security Incident Review table not showing.

Hi All,Would like to know what causes this issue , please see screenshot attached.There's an event "42" showing and t...

by Builder in

Splunk Enterprise Security cluster's member going up and down

In the cluster of ES, members of cluster randomly have get this error: Search Head Clustering Service Not ReadyPlease...

by Path Finder in

How to detect url/domain category change in proxy logs

Hi Everyone, I want to create a splunk query which can detect url/domain category change in the proxy logs within ...

by New Member in

Windows Universal Forwarder GPO

Hello I am having issues with my agent authentication and installation.I set up a service account on our domains. Cre...

by New Member in

How to calculate the time between the notable event state changes?

I am trying to figure out a way to calculate the time for: Time taken for a reviewer to assign the notable ticket ...

by New Member in

dynatrace to splunk

Hi team,I am receiving multiple events from different servers to dynatrace. so how can I forward all those events ...

by Explorer in

Splunk Dashboard - Single dropdown or input resize

Taking a cue from this thread, https://answers.splunk.com/answering/823859/view.html The code <html> <...

by Builder in

snmp modular input liscense key

how to use the liscense key for the snmp modular input , it is giving me an error other options to send snmp event...

by Explorer in

Confirming correct integration of manually uploaded STIX file

Hi Splunkers. I've manually uploaded a STIX file into ES. The file has uploaded successfully (file can be seen in ...

by Path Finder in

Find events from two indexes based on a time range

I have a need to reconcile Splunk ES rule changes. I am using the rest API to pull the "updated" rule changes. The is...

by Explorer in

Best Method of Associating External IP with a Description

Hi, I'm not exactly sure what is the best way to approach this issue. I have a list of external IP address along w...

by Explorer in

How to turn on use cases using Splunk Security Essentials?

I have identified the log sources and corresponding use cases and book marked.e.g. Basic Brute Force Detection for th...

by New Member in

Want to add severity field in vulnerability by age dashboard in ES Splunk.

We have configure ES Splunk in which most of the dashboard are predefined. so Want to add severity field in vulnerabi...

by New Member in

Send all reports from last hour in an email

Hello everyone,current scenario:Reports run every 15 minutes. The output are charts. We take screenshot of those repo...

by Engager in

How to modify data model in CIM without doing so directly in CIM?

Hello, I have a question about modification of data model in CIM: I would like to add one child dataset to DM "...

by Path Finder in

Enterprise Security malware dashboard not populating

I'm trying to get the Splunk Enterprise Security Malware dashboards to populate: I'm ingesting data from symantec ...

by Explorer in

calculations on events for daily alert

Hi team, I need to create a alert, where if my daily count is less than 30 % of monthly count average... of a part...

by Explorer in

user using outside VPN acess can't access externl mail server

Good morning,since I've been working from home using VPN access to connect to the office I noticed, I haven't been ab...

by New Member in

asset_lookup_by_str keeps changing the number of results

Hello Experts,Currently I have configured 2 source files for Asset Center and also have configured searches for those...

by Path Finder in

FIELDALIAS-app = networkConnections{}.applicationName AS app never filled

Hello, This app contains a list of Field aliases including a field alias for the field "networkConnections{}.appli...

by Builder in

Line Breake issue

Could you provide me how it can write line break and Time regex below logs . 2020-09-26 19:27:33,092 DEBUG com.edi...

by Explorer in

Can you make custom eval functions?

I was curious, and was not able to find an answer online or here, if you are able to create custom eval subcommands. ...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

Match 2 log lines using common value and compare

Splunk Enterprise Security Sandbox free trial cloud instance pre-populated data failed / Out of Storage

is there a dashboard for tracking active Directory group changes and local host group changes?

Splunk Enterprise security Incident Review table not showing.

Splunk Enterprise Security cluster's member going up and down

How to detect url/domain category change in proxy logs

Windows Universal Forwarder GPO

How to calculate the time between the notable event state changes?

dynatrace to splunk

Splunk Dashboard - Single dropdown or input resize

snmp modular input liscense key

Confirming correct integration of manually uploaded STIX file

Find events from two indexes based on a time range

Best Method of Associating External IP with a Description

How to turn on use cases using Splunk Security Essentials?

Want to add severity field in vulnerability by age dashboard in ES Splunk.

Send all reports from last hour in an email

How to modify data model in CIM without doing so directly in CIM?

Enterprise Security malware dashboard not populating

calculations on events for daily alert

user using outside VPN acess can't access externl mail server

asset_lookup_by_str keeps changing the number of results

FIELDALIAS-app = networkConnections{}.applicationName AS app never filled

Line Breake issue

Can you make custom eval functions?

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions