Splunk Enterprise Security

Discussions

Thread Info

Where I have to configure limits.conf in a distributed environment?

Hi all, I have a distributed multisite architecture, with a single Search Head, 2 indexers and, 2 Forwarders a Clu...

by Explorer in

Export all search results to CSV when search uses head

I am trying to create a dashboard with a search that shows the top 10 entries but I also need to be able to export al...

by New Member in

Creating phantom containers from a splunk search

Is there a way to create a container in Phantom using results from a Splunk search?

by Loves-to-Learn in

Data Inventory Introspection not completing in 3.0.0

We have upgraded the app to 3.0.0, but now we cant get the Data Inventory Introspection to complete. In the previo...

by Explorer in

Identity lookup Expanded

I tried to update the Identity lookup Expanded manually but i ended up deleting it. after that i started to get the b...

by New Member in

Create weekly report of user activity with (add, modify, delete) in Splunk with required fields username , host, activity type, date time

I did tried with below query where as i am getting action results edit but i am not able see what is edited like deep...

by New Member in

Create weekly report of user activity with (add, modify, delete) in Splunk with required fields username , host, activity type, date time

I did tried with below query where as i am getting action results edit but i am not able see what is edited like deep...

by New Member in

Forwarder not parsing Ossec logs correctly

Hi all, We have our ossec logs from servers being sent to a forwarder and then the forwarder to indexer. On the fo...

by Explorer in

Join two indexes without any unique field

I have two indexes that I need to join to get data from both of them, unfortunately there are no common values on bot...

by Explorer in

SmartStore Cache Policy to Preserve Recent Buckets while searching from S3 Object Store

I want to balance the use of cache capacity with SmartStore. I want to keep recent buckets in cache while allowing ol...

by Loves-to-Learn in

how do i get usernames in cisco meraki logs?

Trying to build user activity/configuration changes monitoring for meraki logs in splunk.

by New Member in

Splunk Indexes question

Hi, 1) I want to move my hot/warm bucket to cold after 90 days, is it possible to roll buckets based on time durat...

by Communicator in

login ID change in Splunk using AD

hello, we are planning to change the Splunk login ID which is linked with AD, the change is due to the existing ID...

by New Member in

How to monitor Splunk users Role modifications?

Hello, We’d like to monitor role modifications of our Splunk accounts. The goal is to know who modified what role ...

by Communicator in

Smartstore unable to replicate buckets

Hi all, We have a Splunk infrastructure with ESS using SmartStore over S3 on AWS. We moved from Splunk 7.3.0 to 7....

by Path Finder in

Trial version of Enterprise Security

Hello, Does a trial version of Splunk App for Enterprise security exist ? Thanks.

by New Member in

All dependent addons for Splunk Enterprise Security App

Hi All, Is there a way to list out all the dependent addons for Splunk Enterprise Security app? For instance, ...

by Path Finder in

Add fields to tstat results

Hi! I want to use a tstats search to monitor for network scanning attempts from a particular subnet: | tstats `...

by Explorer in

how to convert the day into seconds splunk search query

25days convert to seconds and difference with current time to seconds and display the difference time

by New Member in

Ip location return a wrong location after update db

Hi all, I have Splunk ESS Version: 7.1.3. After updating the GeoLite2-City.mmdb db (last 17/3/20) I noticed that i...

by Loves-to-Learn Lots in

DHS AIS and CISCP taxii feeds - setup

Has anyone been able to configure the taxii feeds for AIS and CISCP in Enterprise Security? In the arguments, I have ...

by Path Finder in

Is CCURE add-on compatible with CCURE 9000

by Explorer in

Enterprise Security: Should we use the Cisco StealthWatch Add-On in addition to ES?

We use ES and wonder whether we should use the Cisco StealthWatch Add-On as well. Cisco StealthWatch Add-On say...

by Motivator in

Is it possible to use the Use Case Library of Splunk ES in the sandbox?

I recently activated my 7-days trial sandbox for Splunk Enterprise Security as i want to evaluate the functionality o...

by New Member in

Looking for use cases for NH-ISAC taxii feed in Splunk Enterprise Security

We have successfully implemented the taxii feed from NH-ISAC and are looking for examples or use cases from others th...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Where I have to configure limits.conf in a distributed environment?

Export all search results to CSV when search uses head

Creating phantom containers from a splunk search

Data Inventory Introspection not completing in 3.0.0

Identity lookup Expanded

Create weekly report of user activity with (add, modify, delete) in Splunk with required fields username , host, activity type, date time

Create weekly report of user activity with (add, modify, delete) in Splunk with required fields username , host, activity type, date time

Forwarder not parsing Ossec logs correctly

Join two indexes without any unique field

SmartStore Cache Policy to Preserve Recent Buckets while searching from S3 Object Store

how do i get usernames in cisco meraki logs?

Splunk Indexes question

login ID change in Splunk using AD

How to monitor Splunk users Role modifications?

Smartstore unable to replicate buckets

Trial version of Enterprise Security

All dependent addons for Splunk Enterprise Security App

Add fields to tstat results

how to convert the day into seconds splunk search query

Ip location return a wrong location after update db

DHS AIS and CISCP taxii feeds - setup

Is CCURE add-on compatible with CCURE 9000

Enterprise Security: Should we use the Cisco StealthWatch Add-On in addition to ES?

Is it possible to use the Use Case Library of Splunk ES in the sandbox?

Looking for use cases for NH-ISAC taxii feed in Splunk Enterprise Security

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code