Splunk Enterprise Security

Discussions

Thread Info

Creating a simple dashboard on ticket closed count

I have been playing around with creating dashboards and wanted to create one that can count how many tickets have bee...

by New Member in

How to post a csv from a outputlookup to a url

I'm trying to post a csv file that I've generated from a outputlookup to a url. For example http://splunk.test.test2....

by Engager in

Excessive DNS Queries exclude by tag

Hi, I tried to find out how to exclude tags from tstats search. My search is: | tstats summariesonly=true allow_o...

by New Member in

Why does ESS "Incident Review Settings" hangs on "Loading"?

When trying to access Incident Review Settings it just sit there on "Loading". Is there any fix for this? I Have Splu...

by Explorer in

Why is ESS "My Investigations" is not Loading.

When I go to ESS "My Investigations" Section it hangs on Loading. We are at Splunk Enterprise v7.2.3 and Splunk Enter...

by Explorer in

How to output a single result when matching multiple results within a lookup table.

I have an application file imported to be used as a lookup table in order to set the priority on servers within Asset...

by Path Finder in

Monitoring Account Creation in Windows with High Privileges

over ES , any way to monitor windows account assigned with high privilege. I only know of EventID 4672 . What all oth...

by New Member in

Is there an Audit log that tracks changes to content in Splunk Enterprise Security?

We have multiple people making changes to the content in Splunk Enterprise Security and I need to be able to track do...

by Path Finder in

Help me in creating a index.conf for new index.

I am having trouble in creating an index.conf, what could be the issue here I not getting it. check attachment, pleas...

by Path Finder in

trigger correlation rule for past event occurance

there was one event occured yesterday and we have one correlation rules against that. unfortunatley it was not trigge...

by Communicator in

Asset investigator

Dear Experts, I want to achieve below: 1- I want that when I put hostname/server name in asset investigator it ...

by Communicator in

Creating Assets csv file correlating logs from dhcp and Cisco ISE

We are creating assets inventory using different logs in Splunk. For this purpose, we first created list of “nt_host”...

by Engager in

How many resources would I need to receive 150 GB per day?

Hello team, I want to build a new SIEM using Splunk. I hope to receive between 100 and 150 GB of data per day. ...

by Path Finder in

Need assistance with ES error after upgrade from 5.2.2 to 5.3

I did upgraded my SPLUNK ES v5.2.2 to 5.3. none of the configure options are not working. Options like ES permiss...

by Path Finder in

Example of "adaptive response action" execute error

Hi Splunkers, I followed the example of "adaptive response action" in this website https://dev.splunk.com/view/enterp...

by Loves-to-Learn in

Splunk ES 4.7.6 - How do we track active investigations via lookup?

Is there a lookup I can use to create a custom table of active investigations? I am trying to create a table that sho...

by Builder in

Join command working

When nesting two commands using join, how can I verify if the Join command is returning the value of the field. [...

by Engager in

Wildcard for domain search

I am trying to find the domain that came in the logs but were faked to look similar for our domain. So if my domain i...

by New Member in