Splunk Enterprise Security

Community Activity
astatrial
Hi all, I am having major issues with creating drilldown to correlation searches, using tokens of the process paths...
by astatrial Contributor in Splunk Enterprise Security 02-10-2020
0 0
rashid47010
While trying to access the icons from glass table, I got permission error as shown below: Error reading icon collec...
by rashid47010 Communicator in Splunk Enterprise Security 02-09-2020
0 1
test_qweqwe
Hi. I see a dashboard in ES 4.1.1 aka "Default Account Activity", but it shows activity of all accounts. How to dete...
by test_qweqwe Builder in Splunk Enterprise Security 02-08-2020
0 5
sectrainingjk
We have a ton of indexes and need to better understand which ones have stopped receiving events so that we can report...
by sectrainingjk Explorer in Splunk Enterprise Security 02-08-2020
0 1
btiggemann
We have got squid proxy logs that are compared with the threat lists in splunk ES. It works fine, but on the list on...
by btiggemann Path Finder in Splunk Enterprise Security 02-08-2020
1 6
xoriantkbisht
Hi Team, I have a query regarding Data models base search | multisearch [| from datamodel:Endpoint.Filesystem | search...
by xoriantkbisht Explorer in Splunk Enterprise Security 02-07-2020
0 1
kmarciniak
I need to determine the significance of these errors before giving the green light to upgrade production. These are a...
by kmarciniak Path Finder in Splunk Enterprise Security 02-07-2020
0 3
Wallace44
We have installed Tenable Add-on For Splunk, and configured it to connect to cloud.tenable.com with an API key. Our ...
by Wallace44 Explorer in Splunk Enterprise Security 02-07-2020
0 2
staparia
0
5
cdhippen
We've tried installing several apps on a distributed search head cluster via a deployer: Demisto: https://splunkbase...
by cdhippen Path Finder in Splunk Enterprise Security 02-05-2020
0 6
barry
I tried to install ES 6.0 on my server and it fails during postinstall. Has anyone experienced the same issue? Se...
by barry Explorer in Splunk Enterprise Security 02-05-2020
0 8
scoughlin1
Primary focus is obtaining SSPR logs ASAP and then learning what else can be ingested.
by scoughlin1 Path Finder in Splunk Enterprise Security 02-05-2020
0 0
MikeVenable
I need an SPL that will take input from Authentication dataset in the Authentication datamodel, at the same time taki...
by MikeVenable Path Finder in Splunk Enterprise Security 02-05-2020
0 1
xoriantkbisht
Hello Expert, I have a requirement to detect malware related events which should create notable event. In this if acti...
by xoriantkbisht Explorer in Splunk Enterprise Security 02-04-2020
0 4
woodentree
Hello, In order to detect excessive failed logins we use the correlation search below: | tstats summariesonly=true ...
by woodentree Communicator in Splunk Enterprise Security 02-03-2020
0 2
DawoodUlex
Hi Folks, I want to create a correlation for inactive account activity including last login with timestamp and app u...
by DawoodUlex New Member in Splunk Enterprise Security 02-03-2020
0 1
goran_epl
Is there a recommended number of CPU cores for client workstation accessing Splunk ES? The company is running virtual...
by goran_epl Explorer in Splunk Enterprise Security 02-03-2020
0 1
b_chris21
Hello everyone, I am using Splunk Enterprise Security but at the moment because I don't have enough logs (only from ...
by b_chris21 Communicator in Splunk Enterprise Security 02-02-2020
0 1
shivarpith
Hi, We are trying to analyze traffic on TCP ports both inbound and outbound in Splunk ES excluding the ports 80,443
by shivarpith Path Finder in Splunk Enterprise Security 02-01-2020
0 2
jamolson
I am able to send data to Phantom and create containers with valid Artifacts but I want to enrich the artifact itself...
by jamolson Path Finder in Splunk Enterprise Security 01-31-2020
0 6
staparia
How do I calculate the average of logs received from a sourcetype over last 30 days and then compare if percentage di...
by staparia Explorer in Splunk Enterprise Security 01-31-2020
0 1
jrprez1804
I have two lookup tables: notablesIp.csv and criticalAsset.csv notableIP.csv ip attack 1.1.1.1 Ransomware ...
by jrprez1804 Path Finder in Splunk Enterprise Security 01-31-2020
1 5
darismendy
Hello, I am having an issue when scheduling some reports which I set cron as: 0 6 3 * * which is “At 06:00 on day-of...
by darismendy Explorer in Splunk Enterprise Security 01-30-2020
0 6
jacodutoit
Hi Splunkers Does anyone know the correct settings for the props.conf file of the TA-MS_O365_Reporting add-on that e...
by jacodutoit New Member in Splunk Enterprise Security 01-30-2020
0 2
ralucaserbanesc
Hi, I am having the following event and I am trying to extract the URI and FileSHA256 field, but not using the sear...
by ralucaserbanesc New Member in Splunk Enterprise Security 01-29-2020
0 2