Splunk Enterprise Security

Thread Info

Capture "Splunk Enterprise Security" Changes

Hello All, Is there is any way to identify "whats all changes performed on Splunk Enterprise Security" . Example ...

by Communicator in

Warning after Splunk upgrade to 8.0.2 and Enterprise Security to 6.1.0

Hi at all, I've just upgraded Splunk Enterprise from 7.1.1 to 8.0.2, Enterprise Security from 5.2.0 to 6.1.0. and all...

by SplunkTrust in

How to implement multiple where conditions with like statement using tstats?

Hello, We'd like to monitor configuration changes on our Linux host. For that we want to detect when in the datamo...

by Communicator in

Correlation Search has stopped generating notable events

I have a Correlation Search that ceased generating notable events without any sort of change or adjustment to the sea...

by Path Finder in

Combining two fields with a constant string between

I am pulling two fields from a CSV based off of a field in live logs, then combining them into one field with a const...

by Explorer in

How can i utf8processor warn message, using charser auto?

WARN UTF8Processor - Using charset UTF-8, as the monitor is believed over the raw text which may be UTF-16LE - data_s...

by Observer in

Detecting Credential Compromise

Hey Folks, I was about to start Splunking for this particular AWS credential compromise scenario - netflixtechblog...

by Explorer in

What is the easiest way to rename a correlation search?

What is the easiest way to rename a correlation search? There is rename link/button on the correlation search page, a...

by Explorer in

How to change the "From" address when an alert email is generated

we are using Splunk Cloud i want to modify from address(Splunk Cloud alerts@splunkcloud.com ) and want to use custom ...

by Explorer in

Find anomalous network traffic of a user

Hi team, I m trying to find network traffic of a user and classify it as high or normal based on avg and stdev cal...

by Loves-to-Learn Everything in

Splunk sizing and timing

I am developing a monthly report/dashboard for a client and would like to ask the client a lot of none technical ques...

by Explorer in

How to extract fields from csv file?

Hello, We use a python script to export some data every 24 hours from our database and save it in $SPLUNK_HOME/etc...

by Communicator in

Release notes

Are there any release notes available for Thinkst Canary AddOn For Splunk? Any concerns in moving from 1.1.7 to 1.1.1...

by Path Finder in

Restore SCV

Hi, I accidently deleted a CSV file. Is there any way to restore it or retrieve the CSV file.

by Path Finder in

Customize report

Hi, I have a requirement to customize the report generated in csv format, this is a scheduled report. The report i...

by Explorer in

Issue with CIM Mapping for ES

I am receiving the EMail logs from Proofpoint Email gateway via syslog. The single email communication include the mu...

by Path Finder in

Mapping field values to allowed valued for Enterprise Security (CIM Data Models)

Hi, in my logs I have field named 'action' with the following possible values: detect, prevent, redirect. In order...

by Path Finder in

the differences between "es_notable_events" and "incident_review_lookup"

I'd like to search the status of Incident Review, and have found 2 ways to do it. 1)| inputlookup append=T es_notable...

by Loves-to-Learn Everything in

Is it possible to add an option to a Dashboard to select the search mode?

I built a dashboard (step 1 :)) and would like to add the ability to chose the search mode (via a drop down menu, etc...

by New Member in

No new alerts in notable index, where I can start troubleshouting

Hello All I have problem with Splunk ES, today I've noticed that there is no new alert in Incident Review Panel. I...

by Path Finder in

Windows TA not Parsing "Error_Code" from 4776 Logs

Searching: index=sec_windows source=wineventlog:security EventCode=4776 action=failure should return a field calle...

by Explorer in

Slpunk DB connect APP

i am trying to query the Oracle DB using the statement attached in the case, the query works fine for the batch input...

by New Member in

A Necessity of use cases related to Nessus and Windows.

Hi all, We have the necessity to implements alerts related to Nessus scans and Windows systems. We have seen a few of...

by New Member in

CIM compliance of data from two different sources

I have two set of questions on which I am looking for inputs. 1. I have data from multiple tables for an application....

by Path Finder in

Feature Request: restrict the KPIs of a glass table in ES on refresh interval

I would like to be able to restrict the KPIs of a glass table in ES on refresh interval. The refresh interval can...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

Capture "Splunk Enterprise Security" Changes

Warning after Splunk upgrade to 8.0.2 and Enterprise Security to 6.1.0

How to implement multiple where conditions with like statement using tstats?

Correlation Search has stopped generating notable events

Combining two fields with a constant string between

How can i utf8processor warn message, using charser auto?

Detecting Credential Compromise

What is the easiest way to rename a correlation search?

How to change the "From" address when an alert email is generated

Find anomalous network traffic of a user

Splunk sizing and timing

How to extract fields from csv file?

Release notes

Restore SCV

Customize report

Issue with CIM Mapping for ES

Mapping field values to allowed valued for Enterprise Security (CIM Data Models)

the differences between "es_notable_events" and "incident_review_lookup"

Is it possible to add an option to a Dashboard to select the search mode?

No new alerts in notable index, where I can start troubleshouting

Windows TA not Parsing "Error_Code" from 4776 Logs

Slpunk DB connect APP

A Necessity of use cases related to Nessus and Windows.

CIM compliance of data from two different sources

Feature Request: restrict the KPIs of a glass table in ES on refresh interval

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code