Splunk Enterprise Security

Community Activity
compuchip
Both queries work on our non ES server; however, only the first query works on our ES server. This query works in bo...
by compuchip Engager in Splunk Enterprise Security 04-06-2020
anubhp
I have a query that looks for data from one source only if it is present in another source. It was working fine befor...
by anubhp New Member in Splunk Enterprise Security 04-05-2020
PirateJokes
We migrated Splunk ES from an old windows server to a new Linux server. Everything is good to go except we want to co...
by PirateJokes Engager in Splunk Enterprise Security 04-05-2020
harishbenne2
Hi All, I have enabled a threat feed in my Splunk Enterprise Security app and the data was working fine until a few da...
by harishbenne2 Explorer in Splunk Enterprise Security 04-04-2020
harishbenne2
Hi Guys, I have built the Authentication datamodel on Splunk ES. However, I am dealing with a dilemma of duplicat...
by harishbenne2 Explorer in Splunk Enterprise Security 04-04-2020
mahendra559
| mstats c(System.System_Up_Time) as Uptime prestats=t WHERE index="em_metrics" AND host="*" by host,metric_name span...
by mahendra559 New Member in Splunk Enterprise Security 04-04-2020
tomshew
I am trying to compare 2 indexes (malicious domains against proxy logs) using an evaluated field. I have a subsearch ...
by tomshew New Member in Splunk Enterprise Security 04-03-2020
Inayath_khan
Hi Folks, the incidents triggered in Splunk Enterprise Security are not getting replicated. I checked splunkd.log g...
by Inayath_khan Path Finder in Splunk Enterprise Security 04-03-2020
gwes77
Splunk has all of those threat intel lists for file, process, registry, ip, url, etc... And each list has a descrip...
by gwes77 Explorer in Splunk Enterprise Security 04-03-2020
jsven7
Situation: I have a panel. The panel creates a token for me from a field I extract from the search. In the same pane...
by jsven7 Communicator in Splunk Enterprise Security 04-03-2020
d4wc3k
Hello everyone, I have the following problem: I have set the disabled flag in ip_intel with the following query: | inputlookup ip_i...
by d4wc3k Path Finder in Splunk Enterprise Security 04-03-2020
virchenko
Hello all! I'm having trouble with the Enterprise Security => Incident Review page. All the time "Search is waiting for input...
by virchenko Explorer in Splunk Enterprise Security 04-02-2020
twh1
I am working with MS-Exchange data. I am taking recipient email value and matching with user lookup for other details...
by twh1 Communicator in Splunk Enterprise Security 04-02-2020
zekiramhi
Hello Fellow Splunkers, I have been trying the following query to pull the ES notified hosts and bring a sparkline o...
by zekiramhi Path Finder in Splunk Enterprise Security 04-01-2020
shannan2
In an attempt to bring in some additional Azure AD data we have begun using the Microsoft Azure Add-on for Splunk, ho...
by shannan2 Explorer in Splunk Enterprise Security 04-01-2020
rtalcik
| tstats count where index=proxy AND sourcetype=dns earliest=-7d by _time, ComputerName span=1h | xyseries _time, Com...
by rtalcik Path Finder in Splunk Enterprise Security 04-01-2020
mansourireza
I have the following scheduled search that updates a lookup (simple_identity_lookup) by adding new entries that aren'...
by mansourireza Explorer in Splunk Enterprise Security 04-01-2020
brownt61
Hello, I am attempting to create a workflow action that allows a risk modifier to be adjusted. I have the command n...
by brownt61 Explorer in Splunk Enterprise Security 04-01-2020
rtalcik
How do I go about editing the data to have the data from Umbrella DNS logs update the Network Resolution DNS data model?
by rtalcik Path Finder in Splunk Enterprise Security 03-31-2020
georgemak
Hello, I've been using Splunk for less than a year and I'm trying to know how to size a Splunk deployment (hardware req...
by georgemak Engager in Splunk Enterprise Security 03-31-2020
jsven7
Situation: - I have some records with a human readable field "Creation Date" (MM/DD/YYYY HH:MM:SS). - I'd like to so...
by jsven7 Communicator in Splunk Enterprise Security 03-31-2020
mpham07
Hello all, I'm currently stumped in trying to figure out why my notable event token is not working. I verified the ...
by mpham07 Path Finder in Splunk Enterprise Security 03-31-2020
vishwanath119
Need to read from all files present in the /temp/logs/ directory except one file, abc.log. The directory looks like xyz.log ab...
by vishwanath119 New Member in Splunk Enterprise Security 03-31-2020
mmqt
I'm trying to figure out what provides data to the inputlookup:system_version_tracker for ES. Currently it's only popu...
by mmqt Path Finder in Splunk Enterprise Security 03-31-2020
shravankumarkus
How do we write a search query to get notable events based on the last modified time of a correlation rule? I want to se...
by shravankumarkus New Member in Splunk Enterprise Security 03-30-2020