Splunk Enterprise Security

Discussions

Thread Info

CIM compliance of data from two different sources

I have two set of questions on which I am looking for inputs. 1. I have data from multiple tables for an application....

by Path Finder in

Feature Request: restrict the KPIs of a glass table in ES on refresh interval

I would like to be able to restrict the KPIs of a glass table in ES on refresh interval. The refresh interval can...

by Explorer in

Splunk business questions

Hi Guys I am working for a new client that wants me to develop a monthly report/dashboard for their business. I am tr...

by Explorer in

How to upgrade splunk enterprise and enterprise security?

I have to upgrade splunk enterprise (from 7.2.6 to 8.0.1 ) and enterprise security (from 5.3.0 to 6.0.0) I am followi...

by Explorer in

Splunk Enterprise security version 6 having issues

Splunk Enterprise security version 6 having issues we get the errors in incident review with the SA-Threat Intell...

by New Member in

how to create incident from an triggered alert

Hi, I'm trying to create a alert action to create a incident when any alert gets triggered. Whats the best way to...

by Explorer in

How to control Report time range

I have some saved Splunk reports. I am calling these reports every hour by JAVA API call. If any hour due to some iss...

by Communicator in

ERROR X509 - X509 certificate alternate namedid not match any allowed names

Hi All, I have this issue that device is not logging to splunk. When I checked the splunkd.log I have found this e...

by New Member in

Where to install Phantom Remote Search

Does the Phantom Remote Search app get installed on my Enterprise Security Search Head, a HEC server, or another serv...

by Explorer in

Free Courses for government personnel?

Does Splunk offer any additional courses for government personnel? Kind Regards, Mike

by New Member in

Splunk Enterprise Security Threat Intelligence does not have field "Organization"

From my threat intel source, we tried to forward the intelligence source to Splunk ES-> Threat Intelligence The ra...

by Engager in

Setup multiple layouts in ES incident review for various users

How to customize the ES Incident Review in a way: 1) Once logged in, users can only see the Incident Review Dashboard...

by Engager in

Universal Fowarder: Upgrade and switch to low privilege mode

Hey All, We are planning on moving all of our UF's to the low priv mode install but I had a question. Our curre...

by Builder in

Log Parsing is not happening for PaloAlto logs

Palo Alto firewall device (IPS and IDS only) is sending logs to rsyslog server and it gets saved in a directory. The ...

by Path Finder in

Need help with Configuring Splunk Add-on for Cisco ESA

Hello All, I have been going through Multiple posts but still not able to configure my Splunk Add-on for Cisco ESA...

by Path Finder in

Problem integrating Infoblox in Splunk

Good Morning, I am implementing Infoblox logs in Splunk and it is giving me problems. I have 3 Splunk machines, on...

by New Member in

Enterprise Security: Why is signature a recommended field according to the cim validator?

The cim validator shows the signature field as a recommended field for the Authentication datamodel while the followi...

by Motivator in

How do I send AWS GuardDuty Logs to Splunk?

Hello all, I'm currently trying to send AWS GuardDuty logs to Splunk and am hoping someone here can help. I'm u...

by Path Finder in

How to find root cause and solution for Unable to distribute to peer named xxxxxxxxxxxxx at uri= xxxxx

Unable to distribute to peer named xxxxxx at uri=xxxxxxxx:8089 using the uri-scheme=https because peer has status=2. ...

by Contributor in

How to combine rows with overlapping MV values

I have data from a couple different sources that I am trying to combine together into coherent results. The issue I a...

by Explorer in

Enterprise Security 6.x Multisite Search head Cluster

Hi, Does anyone happen to know if Multisite search head clustering is suppported in ES 6.x? The validated architec...

by Path Finder in

Earliest and latest time URL parameter

Hi, I have a scheduled search in Splunk with the following link in the description field [1] and would like to captur...

by New Member in

Deployment Sizing on AWS

We are deploying Enterprise Security for various clients on AWS, and are in the planning phase. I am attempting to cr...

by Path Finder in

HTTP 400 and 401 Error when attempting to ingest Azure AD sign-in logs

We have gone through several weeks of trying to setup a solution to ingest sign-in logs. After finally getting what w...

by New Member in

How to keep field names with mvaprend function?

Hello, In Enterprise Security's Asset Center I'd like to create a new field called "Comment". The goal is to fill ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

CIM compliance of data from two different sources

Feature Request: restrict the KPIs of a glass table in ES on refresh interval

Splunk business questions

How to upgrade splunk enterprise and enterprise security?

Splunk Enterprise security version 6 having issues

how to create incident from an triggered alert

How to control Report time range

ERROR X509 - X509 certificate alternate namedid not match any allowed names

Where to install Phantom Remote Search

Free Courses for government personnel?

Splunk Enterprise Security Threat Intelligence does not have field "Organization"

Setup multiple layouts in ES incident review for various users

Universal Fowarder: Upgrade and switch to low privilege mode

Log Parsing is not happening for PaloAlto logs

Need help with Configuring Splunk Add-on for Cisco ESA

Problem integrating Infoblox in Splunk

Enterprise Security: Why is signature a recommended field according to the cim validator?

How do I send AWS GuardDuty Logs to Splunk?

How to find root cause and solution for Unable to distribute to peer named xxxxxxxxxxxxx at uri= xxxxx

How to combine rows with overlapping MV values

Enterprise Security 6.x Multisite Search head Cluster

Earliest and latest time URL parameter

Deployment Sizing on AWS

HTTP 400 and 401 Error when attempting to ingest Azure AD sign-in logs

How to keep field names with mvaprend function?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

Palo Alto apps and add-ons for splunk

Dashboard PNG schedule export setting is not viewa...

Incident_updates_lookup not updating urgency and r...

Create Investigation SOAR

Correlation Search: Next Step: Ping - NSLOOKUP - R...

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions