Splunk Enterprise Security

Community Activity
mahendra559
I have a field named file_name, and in that field there is a value, e.g.: file_name= Operating System-Linux-Server-Support...
by mahendra559 New Member in Splunk Enterprise Security 04-21-2020
ewonn
Guys, I am trying to specifically see if I can distinguish when the login attempts are coming from an external source...
by ewonn New Member in Splunk Enterprise Security 04-21-2020
Ankush_Kumar
Hi Team, I got two field values: field1=xyz.com; field2=abc.xyz.com. Now I want to compare these two values either ...
by Ankush_Kumar New Member in Splunk Enterprise Security 04-21-2020
GoldenTulip
How can we export 'Data inputs » Intelligence Downloads' & 'Content Management' pages as CSV?
by GoldenTulip New Member in Splunk Enterprise Security 04-20-2020
burakatabay
Hi Splunkers, my Enterprise Security threat artifacts dashboard isn't working. It's stuck in "search waiting for inp...
by burakatabay Path Finder in Splunk Enterprise Security 04-20-2020
a_kearney
I am looking to upgrade Splunk Enterprise from 6.6.9 to 8.0.x. I understand this will take at least one intermediary ...
by a_kearney Path Finder in Splunk Enterprise Security 04-20-2020
kevinsteeee
Hello, The following process variable logs are created in my system. Time | Target | Variable | Status 00:...
by kevinsteeee Explorer in Splunk Enterprise Security 04-19-2020
90509
Hi All, I am working in a cluster environment with 16 prod indexers and one separate cluster master node. If I run...
by 90509 Engager in Splunk Enterprise Security 04-18-2020
AshimaGupta1991
When ingesting Guardicore logs into Splunk, multiple events are being combined into a single event. Date marks the be...
by AshimaGupta1991 New Member in Splunk Enterprise Security 04-17-2020
vikram1583
my search |eval _time= strftime(_time, "%Y-%m-%d")|stats latest(AssetRiskScore) as score by _time AssetNames | so...
by vikram1583 Explorer in Splunk Enterprise Security 04-17-2020
badrsplunk
Hello, I'm using Enterprise Security glass tables to show IT security indicators. Is it possible to export ES glass ...
by badrsplunk New Member in Splunk Enterprise Security 04-17-2020
sparachi
I would like to get results by identifying patterns within a string field based on the string match/pattern/occurren...
by sparachi Engager in Splunk Enterprise Security 04-17-2020
miguelangelclem
Hi all, I have created an alert with this simple query: index=foo host="bar" action=fail | stats count by user | se...
by miguelangelclem Explorer in Splunk Enterprise Security 04-17-2020
DawoodUlex
I want to find source of logs from where we are receiving logs, like datamodel is ingesting logs from which source an...
by DawoodUlex New Member in Splunk Enterprise Security 04-16-2020
FrankVl
Installation instructions do not mention anything specific to using this Git Version Control for Splunk app in a Sear...
by FrankVl Ultra Champion in Splunk Enterprise Security 04-15-2020
Narendra02
I need a query for all active and inactive users which are in Splunk ES without using the "reset" key
by Narendra02 New Member in Splunk Enterprise Security 04-15-2020
alandeandrea
We have multiple lines of text in our detailed Splunk ES notable event descriptions. In order to make the text reada...
by alandeandrea Explorer in Splunk Enterprise Security 04-15-2020
proletariat99
In enterprise security correlation searches / notable events, I'd like to add a carriage return to the Description fi...
by proletariat99 Communicator in Splunk Enterprise Security 04-15-2020
cosm0630
Hello Everyone. The following query is providing me what I need for PANs (each pillar is representing . However, I n...
by cosm0630 New Member in Splunk Enterprise Security 04-15-2020
willadams
We have a number of correlation searches that trigger in Enterprise Security. From these events that trigger in IR, ...
by willadams Contributor in Splunk Enterprise Security 04-15-2020
splunk_testing1
I tried to deploy the Splunk Enterprise Security Sandbox and it doesn't seem to have deployed correctly. When I try t...
by splunk_testing1 Engager in Splunk Enterprise Security 04-14-2020
srik1234
Hi, I'm new to Splunk. I learned many things from the Splunk Answers section. Firstly I would like to thank you all who h...
by srik1234 Explorer in Splunk Enterprise Security 04-14-2020
manikanthkoti
Hi Everyone, We have some security issues raised in that we want to make All the cookies with secure flag and Set th...
by manikanthkoti Explorer in Splunk Enterprise Security 04-14-2020
tromero3
I have a field called "bunit" and I need to filter on results that either have a null value OR a value that contains ...
by tromero3 Path Finder in Splunk Enterprise Security 04-13-2020
nbayko
Has anyone found a way to send an email for an ES notable based on Severity level? So the exact use case is, EDR even...
by nbayko Explorer in Splunk Enterprise Security 04-13-2020