Splunk Enterprise Security
Community Activity
montydo
Hi Everyone, I've inherited a Splunk platform and need assistance with syslog configuration. The current configurati...
by montydo Explorer in Splunk Enterprise Security 03-10-2020
2 3
rashhvarikuti
I wrote below query to get the data and display in my dashboard. And I am getting results with correct data + getting...
by rashhvarikuti New Member in Splunk Enterprise Security 03-10-2020
0 4
thomasvanhelden
Hello, I was curious to see if there are any best practices for mapping to CIM data models. More specifically, I'm l...
by thomasvanhelden Explorer in Splunk Enterprise Security 03-09-2020
1 5
PramodhKumar
Hi Splunkers, Splunk suggests extracting fields at forwarders for structured data. Why? And what if I have field nam...
by PramodhKumar Explorer in Splunk Enterprise Security 03-08-2020
0 7
yossefn
I have a lookup file to add additional fields to events. When running the "inputlookup" command I can see all the fi...
by yossefn Path Finder in Splunk Enterprise Security 03-08-2020
0 4
CurryPan
The Splunk Support Policy has changed, and I believe Splunk Premium apps now reach EOL 24 months after a major or minor release. However, the corresponding Splunk Enter...
by CurryPan Communicator in Splunk Enterprise Security 03-07-2020
0 2
rashid47010
Mainly I have three sourcetypes: sourcetype=Officescan (workstation logs (signature update, malware, etc.)) sourcetype =...
by rashid47010 Communicator in Splunk Enterprise Security 03-07-2020
0 3
canyavall
Hi All, I need to show a pie for failed and succeed values, we know those values from the field "type" but 3 of them ...
by canyavall New Member in Splunk Enterprise Security 03-05-2020
0 2
philman15
I'm trying to make a search that allows me to see users resetting and changing their password. I have this SPL: index=...
by philman15 New Member in Splunk Enterprise Security 03-05-2020
0 4
PebbleHG
In recent discussions with Splunkers and customers, I keep hearing about how the plan is to launch investigations in ...
by PebbleHG Engager in Splunk Enterprise Security 03-04-2020
2 2
woodentree
Hello, We would like to run a correlation search every 15 minutes but only out of working hours. It means from 6pm t...
by woodentree Communicator in Splunk Enterprise Security 03-04-2020
0 6
vikram1583
I have 2 source types, each source type having an asset_id field. I want a search to display the same asset_id that is in b...
by vikram1583 Explorer in Splunk Enterprise Security 03-03-2020
0 2
rtalcik
Is it possible to import a lot of IP addresses into a lookup list and search the lookup list without assigning the ad...
by rtalcik Path Finder in Splunk Enterprise Security 03-03-2020
0 5
squatforeever
Hi guys, I have a query that takes 2 fields from a specific index type, and then goes out to the main index in orde...
by squatforeever New Member in Splunk Enterprise Security 03-03-2020
0 1
mkrishnan
I came across different login pages for same instance. One is SSO enabled and another one is local authentication. Wh...
by mkrishnan Engager in Splunk Enterprise Security 03-03-2020
0 1
woodcock
Why in the world is this not the default? How can I force it to be the default?
by Esteemed Legend in Splunk Enterprise Security 03-02-2020
1 0
stroud_bc
I have configured ES to download the list of free webmail-hosting domains below as an intelligence download (Data inp...
by stroud_bc Path Finder in Splunk Enterprise Security 03-02-2020
0 3
damode
Anyone have experience with ingesting Nessus scan data into Splunk with the new Tenable app/add-on ? if yes, please ...
by damode Motivator in Splunk Enterprise Security 03-02-2020
1 1
danielbb
We wonder whether the WinEventLog can be applied to the Endpoint datamodels. It seems to us that - Endpoint.Process...
by danielbb Motivator in Splunk Enterprise Security 03-01-2020
0 1
sumanssah
Hello All, Is there any way to identify "what all changes were performed on Splunk Enterprise Security"? Example ...
by sumanssah Communicator in Splunk Enterprise Security 03-01-2020
0 3
gcusello
Hi at all, I've just upgraded Splunk Enterprise from 7.1.1 to 8.0.2, Enterprise Security from 5.2.0 to 6.1.0. and all...
by SplunkTrust SplunkTrust in Splunk Enterprise Security 02-28-2020
0 6
woodentree
Hello, We'd like to monitor configuration changes on our Linux host. For that we want to detect when in the datamode...
by woodentree Communicator in Splunk Enterprise Security 02-28-2020
0 4
jpawloski
I have a Correlation Search that ceased generating notable events without any sort of change or adjustment to the sea...
by jpawloski Path Finder in Splunk Enterprise Security 02-27-2020
0 0
Braagi
I am pulling two fields from a CSV based off of a field in live logs, then combining them into one field with a const...
by Braagi Explorer in Splunk Enterprise Security 02-27-2020
0 9
melonking
WARN UTF8Processor - Using charset UTF-8, as the monitor is believed over the raw text which may be UTF-16LE - data_s...
by melonking Observer in Splunk Enterprise Security 02-26-2020
0 0