Splunk Enterprise Security

Community Activity

getting replication error on DMC host only for ES SH. unable to get this host added as search peers. Hi Everyone, I am configuring ES SH on DMC . Distributed search » Search peers. but it is failing "replication statu... by maniyavar Explorer in Splunk Enterprise Security 03-16-2020 0 3	0	3
Host is frequently down in Linux. How to find the root cause Particular host if frequently down in linux. Kindly help me the steps to find the root cause and fix the issue. by alexspunkshell Contributor in Splunk Enterprise Security 03-16-2020 0 1	0	1
LDAP authentication has stopped unknown reason Hello it seems one of the LDAP strategies has stopped working for unknown reason. I have confirmed password and the ... by flyers777 Explorer in Splunk Enterprise Security 03-16-2020 0 1	0	1
Microssoft SOC Intergrated With Splunk Please how can I integrate Microsoft SOC as a Service with Splunk? what are the business benefits by rhugo Observer in Splunk Enterprise Security 03-16-2020 0 0	0	0
Bitbucket Cloud Compatibility Hello, Could you please let me know if this add-on is working with Bitbucket Cloud as well? Or just with BItbucket ... by dkloud Explorer in Splunk Enterprise Security 03-16-2020 0 0	0	0
Vulnerability scan: how to grab the last scan data only? Hello, We'd like to create a dashboard for our vulnerability data. Our two main goals are: 1. Track the number of vu... by woodentree Communicator in Splunk Enterprise Security 03-16-2020 0 4	0	4
Splunk Investigation Reporting/Dash Hi all, Is there a way we can see all new/pending/closed investigations created? Mind you we can create investigatio... by siddh01r New Member in Splunk Enterprise Security 03-15-2020 0 0	0	0
Custom adaptive response action not showing. Hi Splunkers, I need a custom adaptive response and ı read this documentation. "https://dev.splunk.com/enterprise/do... by burakatabay Path Finder in Splunk Enterprise Security 03-14-2020 0 0	0	0
Shutdown procedure Need to power off spunk server tonight for emergency power maintenance. Does anyone know where i can get the shutdow... by kevinlarkin New Member in Splunk Enterprise Security 03-13-2020 0 3	0	3
Palo Alto app Dashboard not showing any data. Hello Folks, Please I am having an issue where my PA app is not showing events and I am able to run searches and fi... by amksa Explorer in Splunk Enterprise Security 03-13-2020 0 3	0	3
How to write query-rex to get table inside table data? How to write a rex query for table inside table for the below case "studentInfo": {<!-- --> "name": "Apple", "id": "... by rashhvarikuti New Member in Splunk Enterprise Security 03-13-2020 0 3	0	3
Splunk Enterprise Security: How to troubleshoot why the threat_activity index is no longer populating with data? The threat_activity index isn't populating anymore, and to be honest, I'm not sure how it's supposed to populate. Th... by niemesrw Path Finder in Splunk Enterprise Security 03-12-2020 2 3	2	3
What's your favorite vuln scanner to use with Splunk? All, What's your favorite Vulnerability scanner to use with Splunk? That is what have you seen generate the best lo... by daniel333 Builder in Splunk Enterprise Security 03-12-2020 0 6	0	6
Extracting multiple values in a Splunk Search **Hi All, I need help extracting {0000000-0000-0000-0000-000000000000} and {0000000-0000-0000-0000-000000000000} fro... by enymanu New Member in Splunk Enterprise Security 03-12-2020 0 6	0	6
EPD compare to \| tstats count Hi All, I have encountered a miss match between the license EPD of the ES and the \| tstats count command of the same... by astatrial Contributor in Splunk Enterprise Security 03-11-2020 0 8	0	8
Check failed and success from all users with single ip Hi, i am trying to find failed and success from all users with single ip. so it would show like.. 1p 1.1.1.1...use... by siddh01r New Member in Splunk Enterprise Security 03-10-2020 0 4	0	4
Why aren't Enterprise Security Webhooks and PagerDuty in the dropdown in ES Adaptive Response? Not sure why I see all my alert option in searching and reporting, but when I look in enterprise security web hooks a... by tonymorin Explorer in Splunk Enterprise Security 03-10-2020 0 9	0	9
subsearch join Anything wrong with this join and subsearch? I know there are events which should match based on the 'cs_host' field.... by jacqu3sy Path Finder in Splunk Enterprise Security 03-10-2020 0 3	0	3
is there anything special that has to be done to make the search activity app work with splunk 8.0.2? splunkweb won't start after I upgraded to 8. after upgrading to 8.0.2 from 7.3.1, splunkweb won't start. after I remove the search activity app it starts again. by jlstanley Path Finder in Splunk Enterprise Security 03-10-2020 0 0	0	0
Trace a value in Splunk / data lineage Hi, is there a way to trace the origin of a specific value in Slunk? Currently I am trying to figure out with eventt... by mihenn Path Finder in Splunk Enterprise Security 03-10-2020 0 3	0	3
lookup table with un-parsed data Hi, I am new to Splunk. I was wondering if anyone knew if its possible to query a lookup table that has un-parsed da... by hbfblueteam New Member in Splunk Enterprise Security 03-10-2020 0 1	0	1
Syslog & TA event ingestion Hi Everyone, I've inherited a splunk platform and need assistance with syslog configuration. The current configurati... by montydo Explorer in Splunk Enterprise Security 03-10-2020 2 3	2	3
Getting incorrect data while I am using rex splunk I wrote below query to get the data and display in my dashboard. And I am getting results with correct data + getting... by rashhvarikuti New Member in Splunk Enterprise Security 03-10-2020 0 4	0	4
CIM Data Model Best Practices - What (not) to include in the data model? Hello, I was curious to see if there are any best practices for mapping to CIM data models. More specifically, I'm l... by thomasvanhelden Explorer in Splunk Enterprise Security 03-09-2020 1 5	1	5
Field Extraction for different types of data Hi Splunkers, Splunk suggests to extract fields at forwarders for structured data, why? and what if i have field nam... by PramodhKumar Explorer in Splunk Enterprise Security 03-08-2020 0 7	0	7