Splunk Enterprise Security

Community Activity
cpaul8
The Lookup cache has been generated with 90 days baseline before Search 2 in which "dest" field is not "null" for any...
by cpaul8 New Member in Splunk Enterprise Security 01-28-2020
0 0
coryangspl
Many companies are looking for candidates with expertise and experience using Splunk products. I have earned my Splunk Ce...
by coryangspl New Member in Splunk Enterprise Security 01-28-2020
0 1
danny12345
First, some background info on our Splunk system. We are setting up a 2-site cluster with a replication factor of 2....
by danny12345 Explorer in Splunk Enterprise Security 01-28-2020
0 9
lars312
0
1
potnuru
While using the drill-down from dashboard panel1 to panel2, I want to pass the Time from panel1 to panel1 when a user...
by potnuru Path Finder in Splunk Enterprise Security 01-28-2020
0 11
Zerophage
Hello all, I'm using a Correlation Search to create a Log Event as below: hxxps://docs.splunk.com/Documentation/Splu...
by Zerophage New Member in Splunk Enterprise Security 01-28-2020
0 0
celdridge1988
To cut a long story short, I'm looking to extract a CVE number for my Vulnerabilities Data Model for ES. An example o...
by celdridge1988 Engager in Splunk Enterprise Security 01-28-2020
0 8
DawoodUlex
Hi Team, I want to create a report of excessive failed login users who have more than 5 failed login attempts from a...
by DawoodUlex New Member in Splunk Enterprise Security 01-28-2020
0 3
alexspunkshell
I am receiving a lot of messages in Splunk. I want to change the frequency of the messages received in Splunk. Kindly ...
by alexspunkshell Contributor in Splunk Enterprise Security 01-28-2020
0 3
macklaud
Hi, I receive all the data from different tenants, but my data is not tagged to be able to use it in my Enterprise S...
by macklaud New Member in Splunk Enterprise Security 01-28-2020
0 1
hketer
Hi All, I've installed CIM (same installation file) on 2 search heads. Both of them with the same configuration, sam...
by hketer Path Finder in Splunk Enterprise Security 01-28-2020
0 0
ibmresilient
Hello, We are running Splunk 8.0.1 with Splunk ES 5.7.1 (python3 enabled). Everything works fine. Then we just dow...
by ibmresilient Path Finder in Splunk Enterprise Security 01-27-2020
1 3
einervonvielen2
Hi everyone, preparing for my master's thesis my supervisor at the uni suggested to create an app that produces fak...
by einervonvielen2 Explorer in Splunk Enterprise Security 01-27-2020
0 7
hrs2019
Hi I want to rename output field value name Week1 1. Systems ops 12.1 to ops 2 .Systems dev 12.1 to dev B...
by hrs2019 Path Finder in Splunk Enterprise Security 01-27-2020
0 3
crisp023
Has anyone had success with setting up alerting for the Golden Ticket attack? I don't see a lot of info about it onl...
by crisp023 New Member in Splunk Enterprise Security 01-25-2020
0 1
AlexeySh
Hello, I’d like to enrich a Splunk ES Threat Intel database and I'm trying to find an easy way to import AlienVault ...
by AlexeySh Communicator in Splunk Enterprise Security 01-24-2020
1 6
cybersecrav
Hi all, So I followed the guide here https://docs.splunk.com/Documentation/ES/4.5.1/User/Configureblocklists in ord...
by cybersecrav New Member in Splunk Enterprise Security 01-23-2020
0 0
woodentree
Hello, We'd like to help our analysts to tell which correlation search is impacted in case of log source issue. But ...
by woodentree Communicator in Splunk Enterprise Security 01-23-2020
0 2
stroud_bc
We use the zScaler proxy product and have it configured with NSS to collect logs in Splunk Enterprise. We also downlo...
by stroud_bc Path Finder in Splunk Enterprise Security 01-22-2020
0 1
itsmevic
Hello, I'd like to obtain a difference between two dates. One of these dates falls within a field in my logs called...
by itsmevic Communicator in Splunk Enterprise Security 01-22-2020
0 6
marktait1971
I'm looking for a list of "out of the box" use cases that Splunk comes with - to do a gap analysis between that, and ...
by marktait1971 Explorer in Splunk Enterprise Security 01-22-2020
0 6
damode
After upgrading ES search head, what is the recommended way to upgrade add-ons on Indexers and forwarders? Based on...
by damode Motivator in Splunk Enterprise Security 01-22-2020
0 5
burakatabay
Hi Splunkers, We have realized our "First Time Seen Running Windows Service" Correlation search seen below has been...
by burakatabay Path Finder in Splunk Enterprise Security 01-22-2020
0 2
arlombar
Hello, I've run into an issue lately where I want both my search heads and Enterprise Security to show the same fie...
by arlombar Explorer in Splunk Enterprise Security 01-21-2020
0 3
vn_g
How to get the list of username and domain of both the actor (who makes the changes) and the recipient (which object ...
by vn_g Path Finder in Splunk Enterprise Security 01-20-2020
0 0