Splunk Enterprise Security

Community Activity
d4wc3k
Hello everyone I have following problem: I have set disabled flag in ip_intel by following query: | inputlookup ip_i...
by d4wc3k Path Finder in Splunk Enterprise Security 04-03-2020
0 0
virchenko
Hello all! I'm having trouble with Enterprise Security => Incident Review page. all time "Search is waiting for input...
by virchenko Explorer in Splunk Enterprise Security 04-02-2020
0 8
twh1
I am working with MS-Exchange data. I am taking recipient email value and matching with user lookup for other details...
by twh1 Communicator in Splunk Enterprise Security 04-02-2020
0 2
zekiramhi
Hello Fellow Splunkers, I have been trying the following query to pull the ES notified hosts and bring a sparkline o...
by zekiramhi Path Finder in Splunk Enterprise Security 04-01-2020
0 1
shannan2
In an attempt to bring in some additional Azure AD data we have begun using the Microsoft Azure Add-on for Splunk, ho...
by shannan2 Explorer in Splunk Enterprise Security 04-01-2020
1 1
rtalcik
| tstats count where index=proxy AND sourcetype=dns earliest=-7d by _time, ComputerName span=1h | xyseries _time, Com...
by rtalcik Path Finder in Splunk Enterprise Security 04-01-2020
0 4
mansourireza
I have the following scheduled search that updates a lookup (simple_identity_lookup) by adding new entries that aren'...
by mansourireza Explorer in Splunk Enterprise Security 04-01-2020
1 2
brownt61
Hello, I am attempting to create a workflow action that allows a risk modifier to be adjusted. I have the command n...
by brownt61 Explorer in Splunk Enterprise Security 04-01-2020
0 0
rtalcik
How do I go about editing the data have the data from umbrella dns logs update the network resolution dns data model
by rtalcik Path Finder in Splunk Enterprise Security 03-31-2020
0 0
georgemak
Hello, I've been using Splunk for less than a year and I'm trying to know how to size Splunk deployment(hardware req...
by georgemak Engager in Splunk Enterprise Security 03-31-2020
0 3
jsven7
Situation: - I have some records with a human readable field "Creation Date" (MM/DD/YYYY HH:MM:SS). - I'd like to so...
by jsven7 Communicator in Splunk Enterprise Security 03-31-2020
0 2
mpham07
Hello all, I'm currently stumped in trying to figure out why my notable event token is not working. I verified the ...
by mpham07 Path Finder in Splunk Enterprise Security 03-31-2020
0 8
vishwanath119
Need to read from all files present in /temp/logs/ directory except one file abc.log Directory looks like xyz.log ab...
by vishwanath119 New Member in Splunk Enterprise Security 03-31-2020
0 3
mmqt
I'm trying to figure out what provides data to the inputlookup:system_version_tracker for ES. Currently its only popu...
by mmqt Path Finder in Splunk Enterprise Security 03-31-2020
1 1
shravankumarkus
How do we write search query to get notable events based on last modified time for a correlation rule ? I want to se...
by shravankumarkus New Member in Splunk Enterprise Security 03-30-2020
0 9
Ankush_Kumar
Hi Community members. I need your help to identify where I am doing wrong in regex field extraction. Actually there...
by Ankush_Kumar New Member in Splunk Enterprise Security 03-30-2020
0 5
bansodesant
I was removing different application and accidentally removed these Splunk ES supported and other application. It wil...
by bansodesant Explorer in Splunk Enterprise Security 03-30-2020
0 0
Ankush_Kumar
Hi Team, My question is i have antivirus events and firewall traffic and i want to run antivirus search as a subsear...
by Ankush_Kumar New Member in Splunk Enterprise Security 03-30-2020
0 8
jerm1020rq
When searching for sourcetype=recorded future IOCS, i receive the following error. I updated the API key and that fix...
by jerm1020rq Explorer in Splunk Enterprise Security 03-29-2020
0 1
rtalcik
What my search is trying to do is whenever the search matches an item in the lookup list it should display the result...
by rtalcik Path Finder in Splunk Enterprise Security 03-27-2020
0 3
miguelangelclem
Hi all, I have a distributed multisite architecture, with a single Search Head, 2 indexers and, 2 Forwarders a Clust...
by miguelangelclem Explorer in Splunk Enterprise Security 03-27-2020
0 4
rroyko
I am trying to create a dashboard with a search that shows the top 10 entries but I also need to be able to export al...
by rroyko New Member in Splunk Enterprise Security 03-26-2020
0 1
DanEhrlich
Is there a way to create a container in Phantom using results from a Splunk search?
by DanEhrlich Loves-to-Learn in Splunk Enterprise Security 03-26-2020
0 2
PCT80000
We have upgraded the app to 3.0.0, but now we cant get the Data Inventory Introspection to complete. In the previous...
by PCT80000 Explorer in Splunk Enterprise Security 03-26-2020
1 1
m87
I tried to update the Identity lookup Expanded manually but i ended up deleting it. after that i started to get the ...
by m87 New Member in Splunk Enterprise Security 03-26-2020
0 0