Splunk Enterprise Security

Thread Info

Finding Changes To Audit Mechanisms or Audit/Data Logs

Was hoping someone could give me some assistance with finding changes to audit mechanisms or changes to audit/data lo...

by New Member in

Checkpoint R80.20 integration with Checkpoint

I am trying to integrate Checkpoint running on Gaia OS version R80.20 to heavy forwarder. I am using checkpoint log e...

by New Member in

We are getting the below error while accessing the splunk enterprise security free trial next day of registration?

Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Ren...

by New Member in

how to use the summary index in real time

I am new to Summary Indexing. Can you please let me know how to use summary indexing in dashboards?

by New Member in

How to exclude the events in the default "Anomalous Audit Trail activity detected" search in ES, if its a reboot?

Hello Everyone, We currently have the below default search from ES to alert for anomalous audit log clearance acti...

by Explorer in

Fine-tune Incident Review - Splunk ES

Hi All, We are using Splunk ES app in our environment and log sources are integrated to it and I am working on to mak...

by Path Finder in

Eval value depending on hour of day

Is there a way to return a specific value if an event is seen between 18:00 and 07:00 the following day? I need t...

by Path Finder in

Scheduled search event links

Hi I have a scheduled search in Splunk that get forwarded to ServiceNow and I would like to include the original link...

by New Member in

Major upgrade fail on ES from version 4.5.2 to 5.0.1. Please help !!!

After I installed the ES app, I got the error as shown in the attached picture. On the ES upgrade page, I noticed it...

by Motivator in

splunk enterprise add data - monitor - how to fetch data in real time

In splunk enterprise security, I am trying to add data from a directory using 'Monitor'. Files gets created in the di...

by Explorer in

Not sure how to go about my search

sorry I am fairly new to Splunk and not sure how to go about getting my search to work so I apologize if I am using t...

by Engager in

Extracted field not showing up after creation, though it displays in "+ Extract New Fields"

There have been questions similar to this in the past, and none of the fixes listed have fixed my issue. The created ...

by Explorer in

Dashboard Query / Search Resource Utilization - Time To Complete

Hello all, thanks for taking the time to read this post. I am writing today about an issue we seem to be having with ...

by Engager in

Adaptive Response Not Pulling Variables

I've been using AR rules within notables for about a year now and I've had quite a bit of success with it. Previously...

by Path Finder in

2 Stats Queries Within A Single Search?

Currently, my stats command is done by both the Computer Field and the Group field. This allows me to create an eval ...

by Explorer in

Why am I getting "Invalid key in stanza [identityLookup] in /opt/splunk/etc/apps/SA-IdentityManagement/local/identityLookup.conf, line 6: eai:appName (value: SA-IdentityManagement)." ?

Everytime after splunk startup, I get the following message, Invalid key in stanza [identityLookup] in /opt/splunk...

by Motivator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

Finding Changes To Audit Mechanisms or Audit/Data Logs

Checkpoint R80.20 integration with Checkpoint

We are getting the below error while accessing the splunk enterprise security free trial next day of registration?

how to use the summary index in real time

How to exclude the events in the default "Anomalous Audit Trail activity detected" search in ES, if its a reboot?

Fine-tune Incident Review - Splunk ES

Eval value depending on hour of day

Scheduled search event links

Major upgrade fail on ES from version 4.5.2 to 5.0.1. Please help !!!

splunk enterprise add data - monitor - how to fetch data in real time

Not sure how to go about my search

Extracted field not showing up after creation, though it displays in "+ Extract New Fields"

Dashboard Query / Search Resource Utilization - Time To Complete

Adaptive Response Not Pulling Variables

2 Stats Queries Within A Single Search?

Why am I getting "Invalid key in stanza [identityLookup] in /opt/splunk/etc/apps/SA-IdentityManagement/local/identityLookup.conf, line 6: eai:appName (value: SA-IdentityManagement)." ?

list down the extracted fields by app and user

How to troubleshoot notable events not generating / not showing under Incident Review?

What is the recommended Stripe size for Splunk when cutting your RAID settings?

Radiant logic enterprise directory integrate with splunk

regex - everything after last slash

sourcetype autopopulate

TA-microsoft-sysmon for version 10 support

Will an updated datetime.xml temporarily solve the Y2K timestamp issue?

Upgraded from 7.0.5 to 7.3.2 and |datamodel searches now fail - anyone ever see this issue?

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting

ES Notable Security Domain Issue

Where does the information related to Splunk Inves...

Risk-Based Alerting FAQs

Splunk Enterprise Security Install Error In Deploy...

Enterprise Security - Correlation Search - Notable...