Splunk Enterprise Security

Discussions

Thread Info

Sourcetype naming and indexs help!!

Hi guys, I am working as security analyst and I monitor many customers using splunk I usally deal with incidents tha...

by New Member in

Getting an error after degrading Splunk enterprise security.

Unable to initialize modular input "whois" defined in the app "SA-NetworkProtection": Introspecting scheme=whois: scr...

by Path Finder in

Time Range issue: triggered condition is "split" into two cron executions

Hello, Our Horizontal Port Scan correlation search is triggered when a number of request destinations is superior ...

by Communicator in

Alert Trigger send token to Drill Down

I am using Enterprise Security and most of our searches are correlation searches. One of my searches is not able to b...

by Contributor in

Whois specify a WHOIS server (*nix -h flag)

Similar to https://answers.splunk.com/answers/642213/nslookup-on-network-tools-app-with-specified-dns-s.html First...

by Path Finder in

Restrict Index Access from Specific Forwarders

tl;dr Looking for a method to prevent index contamination on an indexer cluster supporting a multi tenant Splunk Ente...

by Engager in

Indexer Volumes(Disks) in a Smartstore configuration

Hi All, It is recommended to use the i3.8xlarge instance type which comes with ephemeral storage for Splunk indexe...

by Engager in

How to find live sessions for VPN connections?

I'm looking for a way to present just live sessions for VPN connections (Juniper SSL VPN). From the actual logs I ca...

by Path Finder in

Checklist For Troubleshoot Splunk Enterprise Environments

Please, is there any checklist or guideline for troubleshooting or running a maintenance check on an enterprise Splun...

by Observer in

getting replication error on DMC host only for ES SH. unable to get this host added as search peers.

Hi Everyone, I am configuring ES SH on DMC . Distributed search » Search peers. but it is failing "replication sta...

by Explorer in

Host is frequently down in Linux. How to find the root cause

Particular host if frequently down in linux. Kindly help me the steps to find the root cause and fix the issue.

by Communicator in

LDAP authentication has stopped unknown reason

Hello it seems one of the LDAP strategies has stopped working for unknown reason. I have confirmed password and the s...

by Explorer in

Microssoft SOC Intergrated With Splunk

Please how can I integrate Microsoft SOC as a Service with Splunk? what are the business benefits

by Observer in

Bitbucket Cloud Compatibility

Hello, Could you please let me know if this add-on is working with Bitbucket Cloud as well? Or just with BItbucket...

by Explorer in

Vulnerability scan: how to grab the last scan data only?

Hello, We'd like to create a dashboard for our vulnerability data. Our two main goals are: 1. Track the number of ...

by Communicator in

Splunk Investigation Reporting/Dash

Hi all, Is there a way we can see all new/pending/closed investigations created? Mind you we can create investigat...

by New Member in

Custom adaptive response action not showing.

Hi Splunkers, I need a custom adaptive response and ı read this documentation. "https://dev.splunk.com/enterprise/...

by Path Finder in

Shutdown procedure

Need to power off spunk server tonight for emergency power maintenance. Does anyone know where i can get the shutdown...

by New Member in

Palo Alto app Dashboard not showing any data.

Hello Folks, Please I am having an issue where my PA app is not showing events and I am able to run searches and ...

by Explorer in

How to write query-rex to get table inside table data?

How to write a rex query for table inside table for the below case "studentInfo": { "name": "Apple", "id": "57", "...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Sourcetype naming and indexs help!!

Getting an error after degrading Splunk enterprise security.

Time Range issue: triggered condition is "split" into two cron executions

Alert Trigger send token to Drill Down

Whois specify a WHOIS server (*nix -h flag)

Restrict Index Access from Specific Forwarders

Indexer Volumes(Disks) in a Smartstore configuration

How to find live sessions for VPN connections?

Checklist For Troubleshoot Splunk Enterprise Environments

getting replication error on DMC host only for ES SH. unable to get this host added as search peers.

Host is frequently down in Linux. How to find the root cause

LDAP authentication has stopped unknown reason

Microssoft SOC Intergrated With Splunk

Bitbucket Cloud Compatibility

Vulnerability scan: how to grab the last scan data only?

Splunk Investigation Reporting/Dash

Custom adaptive response action not showing.

Shutdown procedure

Palo Alto app Dashboard not showing any data.

How to write query-rex to get table inside table data?

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

What is the "enable to risk index" and "enable to ...

Strange CIM Issues- How would we fix?

Getting error while installing enterprise security...

Why is Splunk tag for key value pair not appearing...

How to identify null valued fields in the index?