Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
jerm1020rq
Searching: index=sec_windows source=wineventlog:security EventCode=4776 action=failure should return a field called ...
by jerm1020rq Explorer in Splunk Enterprise Security 02-23-2020
0 1
0
1
malisushil
i am trying to query the Oracle DB using the statement attached in the case, the query works fine for the batch input...
by malisushil New Member in Splunk Enterprise Security 02-23-2020
0 2
0
2
leillo28
Hi all, We have the necessity to implements alerts related to Nessus scans and Windows systems. We have seen a few of...
by leillo28 New Member in Splunk Enterprise Security 02-21-2020
0 1
0
1
rajashekar_s
I have two set of questions on which I am looking for inputs. 1. I have data from multiple tables for an application....
by rajashekar_s Path Finder in Splunk Enterprise Security 02-20-2020
0 2
0
2
ggiessen
I would like to be able to restrict the KPIs of a glass table in ES on refresh interval. The refresh interval canno...
by ggiessen Explorer in Splunk Enterprise Security 02-19-2020
0 2
0
2
charlesukah22
Hi Guys I am working for a new client that wants me to develop a monthly report/dashboard for their business. I am tr...
by charlesukah22 Explorer in Splunk Enterprise Security 02-19-2020
0 4
0
4
imontanoisoft
I have to upgrade splunk enterprise (from 7.2.6 to 8.0.1 ) and enterprise security (from 5.3.0 to 6.0.0) I am followi...
by imontanoisoft Explorer in Splunk Enterprise Security 02-19-2020
0 1
0
1
RK_sp1unk
Splunk Enterprise security version 6 having issues we get the errors in incident review with the SA-Threat Intelli...
by RK_sp1unk New Member in Splunk Enterprise Security 02-19-2020
0 0
0
0
avni26
Hi, I'm trying to create a alert action to create a incident when any alert gets triggered. Whats the best way to a...
by avni26 Explorer in Splunk Enterprise Security 02-19-2020
0 3
0
3
twh1
I have some saved Splunk reports. I am calling these reports every hour by JAVA API call. If any hour due to some iss...
by twh1 Communicator in Splunk Enterprise Security 02-18-2020
0 0
0
0
vdeomampo12
Hi All, I have this issue that device is not logging to splunk. When I checked the splunkd.log I have found this err...
by vdeomampo12 New Member in Splunk Enterprise Security 02-18-2020
0 0
0
0
rtoloczk
Does the Phantom Remote Search app get installed on my Enterprise Security Search Head, a HEC server, or another serv...
by rtoloczk Explorer in Splunk Enterprise Security 02-18-2020
1 2
1
2
mjjohnson3
Does Splunk offer any additional courses for government personnel? Kind Regards, Mike
by mjjohnson3 New Member in Splunk Enterprise Security 02-18-2020
0 2
0
2
tan_junyuan
From my threat intel source, we tried to forward the intelligence source to Splunk ES-> Threat Intelligence The raw ...
by tan_junyuan Engager in Splunk Enterprise Security 02-17-2020
0 0
0
0
sumchan
How to customize the ES Incident Review in a way: 1) Once logged in, users can only see the Incident Review Dashboard...
by sumchan Engager in Splunk Enterprise Security 02-17-2020
1 0
1
0
adalbor
Hey All, We are planning on moving all of our UF's to the low priv mode install but I had a question. Our current U...
by adalbor Builder in Splunk Enterprise Security 02-17-2020
0 2
0
2
bsuresh1
Palo Alto firewall device (IPS and IDS only) is sending logs to rsyslog server and it gets saved in a directory. The...
by bsuresh1 Path Finder in Splunk Enterprise Security 02-15-2020
1 4
1
4
spodda01da
Hello All, I have been going through Multiple posts but still not able to configure my Splunk Add-on for Cisco ESA. ...
by spodda01da Path Finder in Splunk Enterprise Security 02-14-2020
0 0
0
0
carlangas93
Good Morning, I am implementing Infoblox logs in Splunk and it is giving me problems. I have 3 Splunk machines, one ...
by carlangas93 New Member in Splunk Enterprise Security 02-14-2020
0 0
0
0
danielbb
The cim validator shows the signature field as a recommended field for the Authentication datamodel while the followi...
by danielbb Motivator in Splunk Enterprise Security 02-12-2020
1 2
1
2
cody_richardson
Hello all, I'm currently trying to send AWS GuardDuty logs to Splunk and am hoping someone here can help. I'm using...
by cody_richardson Path Finder in Splunk Enterprise Security 02-12-2020
0 3
0
3
alexspunkshell
Unable to distribute to peer named xxxxxx at uri=xxxxxxxx:8089 using the uri-scheme=https because peer has status=2. ...
by alexspunkshell Contributor in Splunk Enterprise Security 02-12-2020
0 1
0
1
sonydrew
I have data from a couple different sources that I am trying to combine together into coherent results. The issue I a...
by sonydrew Explorer in Splunk Enterprise Security 02-12-2020
0 8
0
8
danan5
Hi, Does anyone happen to know if Multisite search head clustering is suppported in ES 6.x? The validated architectu...
by danan5 Path Finder in Splunk Enterprise Security 02-12-2020
0 1
0
1
mteverest
Hi, I have a scheduled search in Splunk with the following link in the description field [1] and would like to captur...
by mteverest New Member in Splunk Enterprise Security 02-12-2020
0 3
0
3
Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...