Splunk Enterprise Security

Community Activity
Auditing has already been enabled but we are having issues to know who changed the permissions
by humi0912 New Member in Splunk Enterprise Security 05-01-2020
0 1
Hi All, Looking for some help troubleshooting some odd behaviour around storing IOCs from a custom URL-based Threat ...
by aingragunathan Engager in Splunk Enterprise Security 04-30-2020
0 0
How to find Non-Primary and Primary bucket copies on the peer nodes ? I'm new to the Splunk, could someone please h...
by nagadaksesh New Member in Splunk Enterprise Security 04-30-2020
0 2
Hello, Splunk App for CEF is installed on Splunk HF, I did all the field mapping to the Log which is required for Cy...
by arjunhunurkar New Member in Splunk Enterprise Security 04-30-2020
0 3
Health Check:msg="A script exited abnormally with exit status:1" are popping for below inputs input=".opt/splunk/et...
by schandrasekar Loves-to-Learn in Splunk Enterprise Security 04-29-2020
0 0
hi All, After setting up the incoming webhooks in the slack and provided the webhook url in the Slack setup configur...
by datamine Loves-to-Learn Lots in Splunk Enterprise Security 04-29-2020
0 0
I am running a query to find the list of users that received an email from a particular email address. This is workin...
by geekf Path Finder in Splunk Enterprise Security 04-28-2020
0 2
I have recently upgraded Splunk from 7.1.1 to 7.3.4 and ES from 5.2.2 to 5.3.1, but after the upgrade I can see that ...
by soumyasaha25 Contributor in Splunk Enterprise Security 04-28-2020
0 0
Hello, I'm new here and I wanted some help for this issue. My incident is getting many errors for a bucket replicatio...
by adol83 Explorer in Splunk Enterprise Security 04-28-2020
1 2
How do you use the search= command with lpdasearch or lpdafilter? I have seen examples where they are using search="(objec...
by keldridg2 New Member in Splunk Enterprise Security 04-27-2020
0 1
Hi All, I have enabled the Modular Input for Elasticsearch(ES) and I am able to get in the data. My sample data is m...
by prachisaxena Explorer in Splunk Enterprise Security 04-27-2020
0 0
Hello there, I have a search that gets the events attributed to "N" number of users, and I would like to compare the...
by omarguzmancamac Engager in Splunk Enterprise Security 04-27-2020
0 5
Will the CB Response app be compatible with Splunk 8.x anytime soon? Or does anyone have a workaround for errors that...
by ch1221 Path Finder in Splunk Enterprise Security 04-25-2020
1 2
two time fields per event: _time (default eventfield for Splunk) occurtime (timestamp within body of event) I o...
by arikanter Observer in Splunk Enterprise Security 04-24-2020
0 2
I have looked at the SPLUNK documentation (https://docs.splunk.com/Documentation/Splunk/7.2.9/Alert/EmailNotification...
by willadams Contributor in Splunk Enterprise Security 04-24-2020
0 0
According to https://docs.splunk.com/Documentation/Splunk/8.0.3/Indexer/AboutSmartStore#Current_restrictions_on_Smart...
by elliottj1 New Member in Splunk Enterprise Security 04-24-2020
0 0
Hello All, Hope You're well. how to check the retention SET time that data are being deleted using CLI and query int...
by pacifikn Communicator in Splunk Enterprise Security 04-24-2020
0 0
Hi Splunkers, I have a concern where splunk says "If you use a .tar file, expand it into the same directory with the...
by PramodhKumar Explorer in Splunk Enterprise Security 04-24-2020
0 5
We have an idea to use the logs from these systems for DDOS detections. Was wondering if anyone has props\transfers ...
by cmeisch Path Finder in Splunk Enterprise Security 04-23-2020
0 3
Hi, I just tried to deploy a Splunk ES Sandbox and also registered a new account at the same time. The flow was roug...
by gborg Engager in Splunk Enterprise Security 04-23-2020
1 2
Hello, I have a request to collect all network data based on allowed, denied and dropped traffic info from various networ...
by Splunk_rocks Path Finder in Splunk Enterprise Security 04-23-2020
0 1
I just added a time picker to one of my dashboards. One of the panels in this dashboard is showing "new" vulnerabili...
by tromero3 Path Finder in Splunk Enterprise Security 04-23-2020
0 2
I don't know if data model:Containers are on Splunk's road map, or if there's an official data model that supports the...
by huiyang11 New Member in Splunk Enterprise Security 04-22-2020
0 0
I have a field named file_name, and in that field the value is, for example: file_name= Operating System-Linux-Server-Support...
by mahendra559 New Member in Splunk Enterprise Security 04-21-2020
0 3
Guys, I am trying to specifically see if I can distinguish when the login attempts are coming from an external source...
by ewonn New Member in Splunk Enterprise Security 04-21-2020
0 1