Splunk Enterprise Security

Discussions

Thread Info

How to create an alias for a CIM field in Splunk ES?

I am extracting the src and user values from failed login attempts in Shibboleth logs and the value is "failed" so I ...

by Influencer in

How to roll back to using LDAP authentication?

I'm testing out an SSO feature in Okta. I was initially using LDAP as the authentication method. There was a configu...

by New Member in

corellation search for below scenerio

| tstats summariesonly max(time) as _time,values(Web.http_method) as http_method,values(Web.status) as status,count f...

by Explorer in

How can splunk tell me if I have access to Palo Alto

Hello, I am relatively new with splunk and would like to know how to run a query to tell if I have access to Palo alt...

by New Member in

creating drilldown panel based on the selected value in $click.value$

I want to create a drilldown panel that will run different searches based on the value selected i.e. $click.value$. ...

by Explorer in

Glass Table not loading in Splunk ES

Hi folks, We have created a glass table in Splunk ES. It worked yesterday, but today when we try to open it, it do...

by Builder in

Zscaler add-on field extraction

Hi All, We receiving zscaler logs on syslog server from there forwarder is reading logs and sending to Splunk clou...

by Path Finder in

splunk search query

Hi suppose I have this IP address 10.5.5.5 I just want to see any information that splunk has on this IP. I'm s...

by Path Finder in

Check for users clicking on a totally new url in last 24 hrs

I need to search for users who clicked on totally new urls seen in last 24 hrs. If user has clicked on a link which w...

by New Member in

Question about improvments regarding IoC in Threat Intel collection

Hello All on Forum I have following problem with threat intel in Splunk ES. I have got IoC, which is IP address an...

by Path Finder in

intelligence lookup source is not working

Hi, I have a intelligence lookup file in SA-ThreatIntelligence APP. This lookup schedule content update with open so...

by New Member in

events and forwarders

Hi When i'm reviewing an EVent, is there a field that tells me if it came from a forwarder?

by Path Finder in

Enterprise Security TAs

Hello All, I am following the instructions to download the TAs so that I can install on my indexers but do not see...

by Contributor in

How to get a developer license for Splunk IT Service Intelligence or Splunk Enterprise Security?

Is there any way to get a developer license of Splunk IT Service Intelligence (ITSI) and/or Splunk Enterprise Securit...

by SplunkTrust in

Query which allows close all notables events considered as FP

Hello alll I have following question: If it is possible to create query which will change owner,status and add not...

by Path Finder in

viewing syntax of dashboards

Hello newbie question here When I log into splunk and drill into DASHBOARDS, I am presented with the list of dashb...

by Path Finder in

Additional field is not populating in ES inscident review page for the AWS cloudtail correlation search.

I have created correlation search to get the alert for the aws cloudtrail activity in enterprise security. Alert is t...

by Explorer in

Checkpoint Opsec Lea Add on Error

Hi All, I am getting the following error post configuring the opsecLEA add on my Heavy Forwarder. We are able to p...

by New Member in

How to run Splunk using python 3.7

I'm developing a Technology AddOn (TA) using Modular Input and as per the latest Splunk norms they will be deprecatin...

by Path Finder in

Enterprise Security compatibility with Splunk v7.3.3

Will ES v6.0 security components such as, content support, framework suport, shared components, integration support. ...

by New Member in

Search common url visited by multiple users

How do i make a query for proxy logs to check multiple users visiting the same links

by New Member in

How to show latest month data in Solid line and rest all months in marker point in line chart?

Hi , I have data for each month like below. For example, Data1 min Months -1 322 Jan-19 1 340 Jan-19 2 200 Jan-19...

by Explorer in