Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Create New Fields From Another Field with Varying Values

Hello All, Is there a way to create multiple fields from a single field separated by commas? But the number of va...

by New Member in

List of users on Linux and Windows clients, how we can get it?

Hi guys, Nothing comes to mind. How to get a list of users in operating systems using splunk forwarder?

by New Member in

How to remove unwanted data while indexing a CSV file?

I have a CSV file that has some data at the start of the file and in end. Like: ----BEGIN_RESPONSE_BODY_CSV "Date...

by Path Finder in

How can i use the client to exploit ransomware or virus?

How can i use the client to exploit ransomware or virus? in case i need to testing from client PC

by New Member in

How can I monitor network device or server on splunk ? like pingstatus command or something?

Hello everyone, I am a Rookie, I use splunk for linux,I tried running pingstatus command on splunk But I don’t know i...

by Loves-to-Learn Everything in

How does splunk enterprise security asset lookup handle lookups of additional details for incidents with dynamic ip ?

We are current running the seckit for aws asset runs schedully to created aws assets lookup table. Now, for the el...

by Explorer in

Throttling of Notable Use-Cases in Splunk For "OR" Condition

Hi, Would like to find out if there is any option to throttle correlation searches rules for notables for > 1 fiel...

by New Member in

Finding Changes To Audit Mechanisms or Audit/Data Logs

Was hoping someone could give me some assistance with finding changes to audit mechanisms or changes to audit/data lo...

by New Member in

Checkpoint R80.20 integration with Checkpoint

I am trying to integrate Checkpoint running on Gaia OS version R80.20 to heavy forwarder. I am using checkpoint log e...

by New Member in

We are getting the below error while accessing the splunk enterprise security free trial next day of registration?

Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Ren...

by New Member in

how to use the summary index in real time

I am new to Summary Indexing. Can you please let me know how to use summary indexing in dashboards?

by New Member in

How to exclude the events in the default "Anomalous Audit Trail activity detected" search in ES, if its a reboot?

Hello Everyone, We currently have the below default search from ES to alert for anomalous audit log clearance acti...

by Explorer in

Fine-tune Incident Review - Splunk ES

Hi All, We are using Splunk ES app in our environment and log sources are integrated to it and I am working on to mak...

by Path Finder in

Eval value depending on hour of day

Is there a way to return a specific value if an event is seen between 18:00 and 07:00 the following day? I need t...

by Path Finder in

Scheduled search event links

Hi I have a scheduled search in Splunk that get forwarded to ServiceNow and I would like to include the original link...

by New Member in

Major upgrade fail on ES from version 4.5.2 to 5.0.1. Please help !!!

After I installed the ES app, I got the error as shown in the attached picture. On the ES upgrade page, I noticed it...

by Motivator in

splunk enterprise add data - monitor - how to fetch data in real time

In splunk enterprise security, I am trying to add data from a directory using 'Monitor'. Files gets created in the di...

by Explorer in

Not sure how to go about my search

sorry I am fairly new to Splunk and not sure how to go about getting my search to work so I apologize if I am using t...

by Engager in

Extracted field not showing up after creation, though it displays in "+ Extract New Fields"

There have been questions similar to this in the past, and none of the fixes listed have fixed my issue. The created ...

by Explorer in

Dashboard Query / Search Resource Utilization - Time To Complete

Hello all, thanks for taking the time to read this post. I am writing today about an issue we seem to be having with ...

by Engager in

Adaptive Response Not Pulling Variables

I've been using AR rules within notables for about a year now and I've had quite a bit of success with it. Previously...

by Path Finder in

2 Stats Queries Within A Single Search?

Currently, my stats command is done by both the Computer Field and the Group field. This allows me to create an eval ...

by Explorer in

Why am I getting "Invalid key in stanza [identityLookup] in /opt/splunk/etc/apps/SA-IdentityManagement/local/identityLookup.conf, line 6: eai:appName (value: SA-IdentityManagement)." ?

Everytime after splunk startup, I get the following message, Invalid key in stanza [identityLookup] in /opt/splunk...

by Motivator in

list down the extracted fields by app and user

Hello All, I want to run a search which will list all the fields i have extracted regardless of app. Is that somet...

by Path Finder in

How to troubleshoot notable events not generating / not showing under Incident Review?

Splunk Enterprise v7.0.1 Some notable events are showing in Incident Review but not all. We are missing some n...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Create New Fields From Another Field with Varying Values

List of users on Linux and Windows clients, how we can get it?

How to remove unwanted data while indexing a CSV file?

How can i use the client to exploit ransomware or virus?

How can I monitor network device or server on splunk ? like pingstatus command or something?

How does splunk enterprise security asset lookup handle lookups of additional details for incidents with dynamic ip ?

Throttling of Notable Use-Cases in Splunk For "OR" Condition

Finding Changes To Audit Mechanisms or Audit/Data Logs

Checkpoint R80.20 integration with Checkpoint

We are getting the below error while accessing the splunk enterprise security free trial next day of registration?

how to use the summary index in real time

How to exclude the events in the default "Anomalous Audit Trail activity detected" search in ES, if its a reboot?

Fine-tune Incident Review - Splunk ES

Eval value depending on hour of day

Scheduled search event links

Major upgrade fail on ES from version 4.5.2 to 5.0.1. Please help !!!

splunk enterprise add data - monitor - how to fetch data in real time

Not sure how to go about my search

Extracted field not showing up after creation, though it displays in "+ Extract New Fields"

Dashboard Query / Search Resource Utilization - Time To Complete

Adaptive Response Not Pulling Variables

2 Stats Queries Within A Single Search?

Why am I getting "Invalid key in stanza [identityLookup] in /opt/splunk/etc/apps/SA-IdentityManagement/local/identityLookup.conf, line 6: eai:appName (value: SA-IdentityManagement)." ?

list down the extracted fields by app and user

How to troubleshoot notable events not generating / not showing under Incident Review?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions