Splunk Enterprise Security

Community Activity
Ankush_Kumar
Hi Team, my question is: I have antivirus events and firewall traffic and I want to run antivirus search as a subsear...
by Ankush_Kumar New Member in Splunk Enterprise Security 03-30-2020
0 8
jerm1020rq
When searching for sourcetype=recorded future IOCS, I receive the following error. I updated the API key and that fix...
by jerm1020rq Explorer in Splunk Enterprise Security 03-29-2020
0 1
rtalcik
What my search is trying to do is whenever the search matches an item in the lookup list it should display the result...
by rtalcik Path Finder in Splunk Enterprise Security 03-27-2020
0 3
miguelangelclem
Hi all, I have a distributed multisite architecture, with a single Search Head, 2 indexers and 2 Forwarders a Clust...
by miguelangelclem Explorer in Splunk Enterprise Security 03-27-2020
0 4
rroyko
I am trying to create a dashboard with a search that shows the top 10 entries but I also need to be able to export al...
by rroyko New Member in Splunk Enterprise Security 03-26-2020
0 1
DanEhrlich
Is there a way to create a container in Phantom using results from a Splunk search?
by DanEhrlich Loves-to-Learn in Splunk Enterprise Security 03-26-2020
0 2
PCT80000
We have upgraded the app to 3.0.0, but now we can't get the Data Inventory Introspection to complete. In the previous...
by PCT80000 Explorer in Splunk Enterprise Security 03-26-2020
1 1
m87
I tried to update the Identity lookup Expanded manually but I ended up deleting it. After that I started to get the ...
by m87 New Member in Splunk Enterprise Security 03-26-2020
0 0
kthudi6
I did try with the below query, whereas I am getting action results edit but I am not able to see what is edited like deep...
by kthudi6 New Member in Splunk Enterprise Security 03-25-2020
0 0
poiromaniax
Hi all, We have our ossec logs from servers being sent to a forwarder and then the forwarder to indexer. On the forw...
by poiromaniax Explorer in Splunk Enterprise Security 03-25-2020
0 0
charlesukah22
I have two indexes that I need to join to get data from both of them, unfortunately there are no common values on bot...
by charlesukah22 Explorer in Splunk Enterprise Security 03-25-2020
0 1
stewdapew
I want to balance the use of cache capacity with SmartStore. I want to keep recent buckets in cache while allowing ol...
by stewdapew Loves-to-Learn in Splunk Enterprise Security 03-24-2020
0 0
aashnaa
Trying to build user activity/configuration changes monitoring for Meraki logs in Splunk.
by aashnaa New Member in Splunk Enterprise Security 03-24-2020
0 1
sarwshai
Hi, 1) I want to move my hot/warm bucket to cold after 90 days, is it possible to roll buckets based on time duratio...
by sarwshai Communicator in Splunk Enterprise Security 03-24-2020
0 4
malisushil
Hello, we are planning to change the Splunk login ID which is linked with AD, the change is due to the existing ID c...
by malisushil New Member in Splunk Enterprise Security 03-24-2020
0 0
woodentree
Hello, We’d like to monitor role modifications of our Splunk accounts. The goal is to know who modified what role an...
by woodentree Communicator in Splunk Enterprise Security 03-23-2020
0 1
pbalbasdtt
Hi all, We have a Splunk infrastructure with ESS using SmartStore over S3 on AWS. We moved from Splunk 7.3.0 to 7.3....
by pbalbasdtt Path Finder in Splunk Enterprise Security 03-23-2020
0 0
ertg
Hello, does a trial version of Splunk App for Enterprise Security exist? Thanks.
by ertg New Member in Splunk Enterprise Security 03-22-2020
0 3
lucas4394
Hi All, is there a way to list out all the dependent add-ons for Splunk Enterprise Security app? For instance, SA...
by lucas4394 Path Finder in Splunk Enterprise Security 03-20-2020
0 1
girtsgr
Hi! I want to use a tstats search to monitor for network scanning attempts from a particular subnet: | tstats `summ...
by girtsgr Explorer in Splunk Enterprise Security 03-20-2020
0 4
mahendra559
25 days convert to seconds and difference with current time to seconds and display the difference time
by mahendra559 New Member in Splunk Enterprise Security 03-19-2020
0 3
saveriobocca
Hi all, I have Splunk ESS Version: 7.1.3. After updating the GeoLite2-City.mmdb db (last 17/3/20) I noticed that in ...
by saveriobocca Loves-to-Learn Lots in Splunk Enterprise Security 03-19-2020
0 0
robert_miller
Has anyone been able to configure the TAXII feeds for AIS and CISCP in Enterprise Security? In the arguments, I have...
by robert_miller Path Finder in Splunk Enterprise Security 03-19-2020
0 2
bhaskarasplunk
Is CCURE add-on compatible with CCURE 9000?
by bhaskarasplunk Explorer in Splunk Enterprise Security 03-19-2020
0 5