Splunk Enterprise Security

Community Activity
tonymorin
Not sure why I see all my alert options in Search & Reporting, but when I look in enterprise security web hooks a...
by tonymorin Explorer in Splunk Enterprise Security 03-10-2020
0 9
jacqu3sy
Anything wrong with this join and subsearch? I know there are events which should match based on the 'cs_host' field....
by jacqu3sy Path Finder in Splunk Enterprise Security 03-10-2020
0 3
jlstanley
After upgrading to 8.0.2 from 7.3.1, splunkweb won't start. After I remove the search activity app it starts again.
by jlstanley Path Finder in Splunk Enterprise Security 03-10-2020
0 0
mihenn
Hi, is there a way to trace the origin of a specific value in Splunk? Currently I am trying to figure out with eventt...
by mihenn Path Finder in Splunk Enterprise Security 03-10-2020
0 3
hbfblueteam
Hi, I am new to Splunk. I was wondering if anyone knew if it's possible to query a lookup table that has un-parsed da...
by hbfblueteam New Member in Splunk Enterprise Security 03-10-2020
0 1
montydo
Hi Everyone, I've inherited a Splunk platform and need assistance with syslog configuration. The current configurati...
by montydo Explorer in Splunk Enterprise Security 03-10-2020
2 3
rashhvarikuti
I wrote the query below to get the data and display it in my dashboard. And I am getting results with correct data + getting...
by rashhvarikuti New Member in Splunk Enterprise Security 03-10-2020
0 4
thomasvanhelden
Hello, I was curious to see if there are any best practices for mapping to CIM data models. More specifically, I'm l...
by thomasvanhelden Explorer in Splunk Enterprise Security 03-09-2020
1 5
PramodhKumar
Hi Splunkers, Splunk suggests extracting fields at forwarders for structured data, why? And what if I have field nam...
by PramodhKumar Explorer in Splunk Enterprise Security 03-08-2020
0 7
yossefn
I have a lookup file to add additional fields to events. When running the "inputlookup" command I can see all the fi...
by yossefn Path Finder in Splunk Enterprise Security 03-08-2020
0 4
CurryPan
The Splunk Support Policy has changed, and I believe Splunk Premium apps now reach EOL 24 months after a major or minor release. However, the applicable Splunk Enter...
by CurryPan Communicator in Splunk Enterprise Security 03-07-2020
0 2
rashid47010
Mainly I have three sourcetypes: sourcetype=Officescan (workstation logs: signature update, malware etc.), sourcetype =...
by rashid47010 Communicator in Splunk Enterprise Security 03-07-2020
0 3
canyavall
Hi All, I need to show a pie chart for failed and succeeded values. We know those values from the field "type" but 3 of them ...
by canyavall New Member in Splunk Enterprise Security 03-05-2020
0 2
philman15
I'm trying to make a search that allows me to see users resetting and changing their password. I have this SPL: index=...
by philman15 New Member in Splunk Enterprise Security 03-05-2020
0 4
PebbleHG
In recent discussions with Splunkers and customers, I keep hearing about how the plan is to launch investigations in ...
by PebbleHG Engager in Splunk Enterprise Security 03-04-2020
2 2
woodentree
Hello, we would like to run a correlation search every 15 minutes but only outside working hours. It means from 6pm t...
by woodentree Communicator in Splunk Enterprise Security 03-04-2020
0 6
vikram1583
I have 2 source types, each source type having an asset_id field. I want a search to display the same asset_id that is in b...
by vikram1583 Explorer in Splunk Enterprise Security 03-03-2020
0 2
rtalcik
Is it possible to import a lot of IP addresses into a lookup list and search the lookup list without assigning the ad...
by rtalcik Path Finder in Splunk Enterprise Security 03-03-2020
0 5
squatforeever
Hi guys, I have a query that takes 2 fields from a specific index type, and then goes out to the main index in orde...
by squatforeever New Member in Splunk Enterprise Security 03-03-2020
0 1
mkrishnan
I came across different login pages for the same instance. One is SSO enabled and another one is local authentication. Wh...
by mkrishnan Engager in Splunk Enterprise Security 03-03-2020
0 1
woodcock
Why in the world is this not the default? How can I force it to be the default?
by Esteemed Legend in Splunk Enterprise Security 03-02-2020
1 0
stroud_bc
I have configured ES to download the list of free webmail-hosting domains below as an intelligence download (Data inp...
by stroud_bc Path Finder in Splunk Enterprise Security 03-02-2020
0 3
damode
Anyone have experience with ingesting Nessus scan data into Splunk with the new Tenable app/add-on? If yes, please ...
by damode Motivator in Splunk Enterprise Security 03-02-2020
1 1
danielbb
We wonder whether the WinEventLog can be applied to the Endpoint datamodels. It seems to us that - Endpoint.Process...
by danielbb Motivator in Splunk Enterprise Security 03-01-2020
0 1
sumanssah
Hello All, is there any way to identify "what changes were performed on Splunk Enterprise Security"? Example ...
by sumanssah Communicator in Splunk Enterprise Security 03-01-2020
0 3