Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

No SSL certificate validation can be performed since no CA file has been provided

Splunk version 6.5.2 Getting the below error on Splunk SH with ES, 2019-10-25T00:45:02.649Z W CONTROL No SSL ...

by Motivator in

Field Extractor

Hello, The field extractor stops at line 20. If what I am looking for is on a line after that what can I do to pul...

by Communicator in

Splunk itsi and splunk enterprise security on same indexer cluster

Hello Experts, Checking if we can plan and implement splunk itsi (on a separate sh cluster) and splunk es(on a sep...

by Communicator in

Splunk Enterprise Security adding new View and navigation

Hi All, I need to understand, we need to add new view and navigation tab to the Enterpirse Security app. But i nee...

by Explorer in

Where can I check Splunk Search Head compatibility with Indexers ?

I have Splunk Search Head version 6.5.2 with ES 4.5.2. I am planning to install Indexers of 7.3.x version. My plan is...

by Motivator in

Use cases in Enterprise Secuirty

How to fetch and where to find what and all are the use cases which we have created till date in Enterprise Security ...

by Path Finder in

Cloning information and forwarding to another splunk indexer from a splunk indexer

Issue: I am attempting to get a specific index from an internal splunk setup to an external one without clustering. T...

by Explorer in

How to generate a report based on utilisation of AWS services covering cost & capacity management in Splunk?

Hi I would like some query's or a query combined into one which gives me information about the following point's ...

by New Member in

Splunk Component Reboot/Restart Detected

Hi, Is there a way to notify if any splunk components were restarted. For Example-Deployment servers, Search heads...

by New Member in

field extraction

Same sourcetype have two different patterns in that case how can I define field extractions? Because field extraction...

by Path Finder in

Where should I install Fortinet Fortigate Add-On for Splunk?

Hi All, We are using Splunk Cloud environment with One Adhoc Search Head and one Enterprise Security Search head. ...

by Path Finder in

How I can extract two diferent events in a single search

Im new in this and I need some help with this for example I need to correlate two events from linux. my first s...

by Engager in

Discarding Specific type of traffic either on forwarder or indexer fails

Discarding Specific type of traffic either on forwarder or indexer fails, I tried to discard it using blacklist on fo...

by New Member in

Versions above 7.1 for UFMA?

The Splunkbase page says, "Splunk Versions: 7.1, 7.0, 6.6, 6.5" are supported. Perhaps this is futile, then (if so, s...

by Explorer in

Enterprise Search: What are the Recommended Fields?

The SA-cim-validator displays the recommended fields while the official documentation at Common Information Model Add...

by Motivator in

How to move Enterprise Security to new search head

I'm planning on moving the Enterprise Security app from one search head to another; search heads are not clustered. ...

by Explorer in

How to group similar events into one event

Hi, We have pulled logs from our Anti Virus software into splunk and are in process of trying to filter through wh...

by New Member in

Sonicwall data Enterprise Security

Hi, I integrated my firewall sonicwall using the guide for Dell Sonicwall Analytics and this applications is worki...

by Explorer in

Enterprise Security: How do we specify the proper fields for the correlated search?

When we create the correlated searches, how do we specify which fields will be visible in the notable event / inciden...

by Motivator in

SPLUNK 7.x Fundamentals Part 1&2: Where could I find the total hours for each course?

I am in the the process of gathering CEUs for my CompTIA Sec+. In order to have CompTIA give me credit for the SPLUNK...

by New Member in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Enterprise Security

Discussions

No SSL certificate validation can be performed since no CA file has been provided

Field Extractor

Splunk itsi and splunk enterprise security on same indexer cluster

Splunk Enterprise Security adding new View and navigation

Where can I check Splunk Search Head compatibility with Indexers ?

Use cases in Enterprise Secuirty

Cloning information and forwarding to another splunk indexer from a splunk indexer

How to generate a report based on utilisation of AWS services covering cost & capacity management in Splunk?

Splunk Component Reboot/Restart Detected

field extraction

Where should I install Fortinet Fortigate Add-On for Splunk?

How I can extract two diferent events in a single search

Discarding Specific type of traffic either on forwarder or indexer fails

Versions above 7.1 for UFMA?

Enterprise Search: What are the Recommended Fields?

How to move Enterprise Security to new search head

How to group similar events into one event

Sonicwall data Enterprise Security

Enterprise Security: How do we specify the proper fields for the correlated search?

SPLUNK 7.x Fundamentals Part 1&2: Where could I find the total hours for each course?

How to put Limit on "edit Selected" option for the...

Is throttling based on trigger time? How do we dec...

What should be the source type for AWS KMS logs to...

Single Enterprise Security searchhead cluster conn...

Trying to set default disposition of a notable cor...