Splunk Enterprise Security

Community Activity

Distinct Count combined with List Is it possible to take a distinct count of something, then list this by an additional value by day? something like t... by jacqu3sy Path Finder in Splunk Enterprise Security 01-16-2020 0 4	0	4
ES 6 fresh install - how to populate assets KV store Hi there. I have used previous versions of ES, and am familiar with importing a CSV of my identities and assets. I ... by sbridge Explorer in Splunk Enterprise Security 01-15-2020 0 2	0	2
Can splunk be 100% CIM Compliance? My team is always complainin that splunk is not cim compliance. Most of data sources in splunk such as symantec endpo... by ujuka New Member in Splunk Enterprise Security 01-15-2020 0 3	0	3
Splunk_TA_windows puts failed logon events in Change Datamodel Hi Splunkers, It is strange to me and I hope someone can explain - what is the reason for ingesting Windows failed lo... by asobiesiak New Member in Splunk Enterprise Security 01-14-2020 0 0	0	0
How i can rename the field output value in splunk. how i can rename the field output value in splunk. below is the screen short i want to RENAME PPN \| V0.2019 \|24... by hrs2019 Path Finder in Splunk Enterprise Security 01-14-2020 0 4	0	4
What is the solution for real-time dataset to be ingested in Splunk Enterprise Security? Thank you all in advance! Actually, I have built a lab environment (AWS) and installed the ES APP (Enterprise Securit... by aydinmo Explorer in Splunk Enterprise Security 01-14-2020 0 0	0	0
How to get the data in groups for a particular set of data? Hi, I have 2 sets of data as below. Set1 User1 dest1 Time1 EventCode-4722 User1 dest1 Time2 EventCode-4726 User1 de... by gndivya Explorer in Splunk Enterprise Security 01-14-2020 0 1	0	1
30 Days Max Age - Threat Intel HI All, Max Age for threat intel downloads. Does anyone know if each download gets stored in KV store for 30days or ... by siddh01r New Member in Splunk Enterprise Security 01-13-2020 0 0	0	0
How to delete rows in lookup based on time or date Hi, I am trying to build a query to monitor the IOCs in the lookup which has the time field in it. Attached the scr... by KumarGB Explorer in Splunk Enterprise Security 01-13-2020 1 5	1	5
Detect Long Duration of Data Transfer from src to dest I need to write a search to detect the long duration of data transfer between a src and dest. can some one help me on... by ayushchoudhary Path Finder in Splunk Enterprise Security 01-12-2020 0 1	0	1
Difference between correlation search written with data modals and correlation search written with normal search query Hi Team, What is the difference between correlation search created with the datamodals and the correlation search cr... by VijaySrrie Builder in Splunk Enterprise Security 01-12-2020 1 1	1	1
Splunk Enterprise Security: What is CIM, data model, and Tag? Hi, What is CIM, data model, Tag If sppose I am integrating antivirus related logs to splunk what role does CIM pla... by VijaySrrie Builder in Splunk Enterprise Security 01-12-2020 0 2	0	2
How do i extract certain fields and data from _raw and display in table form@ eg How do i extract certain fields and data from _raw and display in table form@ eg _raw [{"Conutry":"America","State":... by NayneshPatel New Member in Splunk Enterprise Security 01-10-2020 0 4	0	4
Splunk Stream App - Ingest Pcap issue I installed Splunk Stream App and i try to ingest a pcap file into Splunk. Specifically i select: Settings > Data In... by psychogyiokosta New Member in Splunk Enterprise Security 01-10-2020 0 4	0	4
Network scanning - high number denied attempts followed by a allowed traffic on firewall Hi Splunk Experts, My team has below search to identify blocked scanning activity followed by another search via a ... by anil_ec21 Explorer in Splunk Enterprise Security 01-09-2020 0 1	0	1
This is a question about preparing BOTS Day. Hello. I am a Korean university student studying Digital Forensics (incident Response). I want to study splunk and p... by mal4ensics Explorer in Splunk Enterprise Security 01-09-2020 0 6	0	6
Enterprise Security Permissions does not load I am having an issue when attempting to access the Permissions within Enterprise Security. We recently upgraded from... by eresh Engager in Splunk Enterprise Security 01-09-2020 0 1	0	1
How to get original sourcetype name for a notable events ? Hi Splunk Experts, In Splunk ES I need to count of notable events per sourcetype . I tried different things like che... by vikas_gopal Builder in Splunk Enterprise Security 01-09-2020 0 24	0	24
How can you list all indexes and the time of their first indexed event? How can you list all indexes and the time of their first indexed event? metadata seems to only show you the hosts, so... by endos New Member in Splunk Enterprise Security 01-08-2020 0 4	0	4
Correlation search using lookup table I have a lookup table that consists of AD groups with the fields Group, is_privileged, and Type. I need to create a c... by tromero3 Path Finder in Splunk Enterprise Security 01-08-2020 0 1	0	1
Splunk ES Upgrade Compatibility Just a quick question on Splunk Upgrade for ES https://docs.splunk.com/Documentation/VersionCompatibility/current/Ma... by jaracan Communicator in Splunk Enterprise Security 01-08-2020 0 5	0	5
How do I search from a lookup to find if a URL contains a malicious domain? Dear Splunk Experts, I have very little experience on Splunk, need your help with my search. I have a lookup with... by anil_ec21 Explorer in Splunk Enterprise Security 01-08-2020 0 3	0	3
Multisearching Hi All, First post on here. Hopefully this makes sense and isn't overly convoluted. So, I have a datamodel correlati... by celdridge1988 Engager in Splunk Enterprise Security 01-08-2020 0 3	0	3
How to create a search that shows if the last seen date was greater than 7 days I've tried a few different things but they don't appear to be working. I have a log that gives out the last day and ... by crisp023 New Member in Splunk Enterprise Security 01-08-2020 0 1	0	1
Remove Health messages Is it possible to remove the health warnings for certain users/roles from the top splunk bar? We have an error that w... by seankoniarz Explorer in Splunk Enterprise Security 01-07-2020 0 2	0	2