Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Losing data from URL-based Threat Intelligence Feed

Hi All, Looking for some help troubleshooting some odd behaviour around storing IOCs from a custom URL-based Threa...

by Engager in

How to find Non-Primary and Primary bucket copies on the peer nodes ?

How to find Non-Primary and Primary bucket copies on the peer nodes ? I'm new to the Splunk, could someone please...

by New Member in

How to make secure cookies in Splunk by setting Secure, SameSite, HTTPOnly Attributes?

Hi everyone, Can you please help us to make the Secure cookies by doing below things. Setting HTTPOnly Flag to spl...

by Loves-to-Learn Everything in

Spunk App for CEF format not detecting on CyberArk PTA

Hello, Splunk App for CEF is installed on Splunk HF, I did all the field mapping to the Log which is required for ...

by New Member in

Health Check:msg="A script exited abnormally with exit status:1"

Health Check:msg="A script exited abnormally with exit status:1" are poppling for below inputs input=".opt/splunk/et...

by Loves-to-Learn in

Slack Notification Alert: Triggered Alert not sending notification to slack

hi All, After setting up the incoming webhooks in the slack and provided the webhook url in the Slack setup config...

by Loves-to-Learn Lots in

Passing Variable to Inputlookup

I am running a query to find the list of users that received an email from a particular email address. This is workin...

by Path Finder in

Threat Activity in the ES app stopped to populate data

i have recently upgraded SPlunk from 7.1.1 to 7.3.4 and ES from 5.2.2 to 5.3.1, but after the upgrade i can see that ...

by Contributor in

Bucket Flap

Hello, I'm new here and I wanted some help for this issue. My incident is getting many errors for a bucket replicatio...

by Explorer in

LDAP Search= Command

How do you use the search= command with lpdasearch or lpdafilter? I seen examples where they are using search="(objec...

by New Member in

Is it possible to filter data coming through Elasticsearch Modular Input without changing the configuration or data indices on ES?

Hi All, I have enabled the Modular Input for Elasticsearch(ES) and I am able to get in the data. My sample data is...

by Explorer in

Compare today's values to the week's median without join

Hello there, I'm have a search that get the events atributed to "N" number of users, and I would like to compare t...

by Engager in

CBResponse app compatibility plans for Splunk 8.x?

Will the CB Response app be compatible with Splunk 8.x anytime soon? Or does anyone have a workaround for errors that...

by Path Finder in

ignore timestamp greater than 2 days

two time fields per event: _time (default eventfield for Splunk) occurtime (timestamp within body of event) I only...

by Observer in

Title in Email from Correlation Search

I have looked at the SPLUNK documentation (https://docs.splunk.com/Documentation/Splunk/7.2.9/Alert/EmailNotification...

by Contributor in

Is it advisable to implement Splunk ES using SmartStore in a 2-site configuration?

According to https://docs.splunk.com/Documentation/Splunk/8.0.3/Indexer/AboutSmartStore#Current_restrictions_on_Smart...

by New Member in

how to check the retention SET time that data are being deleted using CLI and query into splunk?

Hello All, Hope You're well. how to check the retention SET time that data are being deleted using CLI and query i...

by Communicator in

Why I need to backup Indexes,Configuration files etc..

Hi Splunkers, I have a concern where splunk says "If you use a .tar file, expand it into the same directory with t...

by Explorer in

Anyone using F5 GTM's and using the logs for anything?

We have an idea to use the logs from these systems for DDOS detections. Was wondering if anyone has props\transfers t...

by Path Finder in

Invalid account error when trying to access ES Sandbox instance URL?

Hi, I just tried to deploy a Splunk ES Sandbox and also registered a new account at the same time. The flow was ro...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Losing data from URL-based Threat Intelligence Feed

How to find Non-Primary and Primary bucket copies on the peer nodes ?

How to make secure cookies in Splunk by setting Secure, SameSite, HTTPOnly Attributes?

Spunk App for CEF format not detecting on CyberArk PTA

Health Check:msg="A script exited abnormally with exit status:1"

Slack Notification Alert: Triggered Alert not sending notification to slack

Passing Variable to Inputlookup

Threat Activity in the ES app stopped to populate data

Bucket Flap

LDAP Search= Command

Is it possible to filter data coming through Elasticsearch Modular Input without changing the configuration or data indices on ES?

Compare today's values to the week's median without join

CBResponse app compatibility plans for Splunk 8.x?

ignore timestamp greater than 2 days

Title in Email from Correlation Search

Is it advisable to implement Splunk ES using SmartStore in a 2-site configuration?

how to check the retention SET time that data are being deleted using CLI and query into splunk?

Why I need to backup Indexes,Configuration files etc..

Anyone using F5 GTM's and using the logs for anything?

Invalid account error when trying to access ES Sandbox instance URL?

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

incident_review migration to new splunk enterprise...

What is the retention period for summaries generat...

Why the System Center does not show data from Wind...

Adding key indicator search to custom dashboard in...

How to send only not suppressed notable from Splun...