Splunk Enterprise Security
Community Activity
How do I extract certain fields and data from _raw and display in table form? e.g. _raw [{"Conutry":"America","State":...
by NayneshPatel New Member in Splunk Enterprise Security 01-10-2020
0 4
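One way to pull the fields out of a top-level JSON array in _raw and table them, added here as an example; it is not part of the original post or any reply. It assumes each event is an array of objects shaped like the excerpt, keeps the key spelling `Conutry` exactly as it appears in that sample, and uses placeholder index and sourcetype names:

```spl
index=main sourcetype=json_array
| spath path={} output=entry
| mvexpand entry
| spath input=entry path=Conutry output=Country
| spath input=entry path=State output=State
| table _time Country State
```

`spath path={}` turns the array into one multivalue field holding each element as a JSON string, `mvexpand` gives every element its own row, and the two `spath input=entry` calls read the keys out of each element so the final table has one line per array entry rather than one line per event with multivalue cells. If the array is nested under a key, change the first path to `key{}`; if events are very large, `mvexpand` is subject to the memory limits in limits.conf.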
I installed the Splunk Stream App and I try to ingest a pcap file into Splunk. Specifically I select: Settings > Data In...
by psychogyiokosta New Member in Splunk Enterprise Security 01-10-2020
0 4
Hi Splunk Experts, My team has the below search to identify blocked scanning activity followed by another search via a ...
by anil_ec21 Explorer in Splunk Enterprise Security 01-09-2020
0 1
Hello. I am a Korean university student studying Digital Forensics (Incident Response). I want to study Splunk and p...
by mal4ensics Explorer in Splunk Enterprise Security 01-09-2020
0 6
I am having an issue when attempting to access the Permissions within Enterprise Security. We recently upgraded from...
by eresh Engager in Splunk Enterprise Security 01-09-2020
0 1
Hi Splunk Experts, In Splunk ES I need a count of notable events per sourcetype. I tried different things like che...
by vikas_gopal Builder in Splunk Enterprise Security 01-09-2020
0 24
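A search that counts notables by the sourcetype of the events that produced them, added here as an example and not taken from the original post or its replies. It relies on the ES `notable` macro and on the `orig_sourcetype` field that ES writes into a notable when the correlation search result carried a `sourcetype`; the `fillnull` value is an assumption chosen to make missing data visible:

```spl
`notable`
| fillnull value="(sourcetype not in correlation result)" orig_sourcetype
| stats count AS notables, dc(rule_name) AS rules, values(rule_name) AS rule_names BY orig_sourcetype
| sort - notables
```

The caveat a practitioner should expect: a notable only knows the source sourcetype if the correlation search kept it. A search that ends in `stats count by src` discards `sourcetype` before the notable is created, so those notables land in the fillnull bucket. To attribute them, add `sourcetype` (or `values(sourcetype)`) to the `by` clause of the correlation search, or group by `rule_name` instead and map rules to the data models or sourcetypes they read.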
How can you list all indexes and the time of their first indexed event? metadata seems to only show you the hosts, so...
by endos New Member in Splunk Enterprise Security 01-08-2020
0 4
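A way to get the earliest and latest indexed event per index without `metadata`, added here as an example and not part of the original post or its replies. It assumes the searching role can see the indexes in question (`index=*` only covers indexes the user is allowed to search, and the internal `_*` indexes are added explicitly):

```spl
| tstats min(_time) AS first_event max(_time) AS last_event count AS events
    WHERE index=* OR index=_*
    BY index
| sort first_event
| convert ctime(first_event) ctime(last_event)
```

`tstats` reads the time-series index files rather than raw events, so this runs in seconds even over years of data. It lists only indexes that hold at least one event; an index that exists but is empty does not appear. For that inventory, the `data/indexes` REST endpoint (`| rest /services/data/indexes`) reports every configured index together with its `minTime`, `maxTime` and `totalEventCount`, which is a useful cross-check when an index you expected to see is missing from the `tstats` output.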
I have a lookup table that consists of AD groups with the fields Group, is_privileged, and Type. I need to create a c...
by tromero3 Path Finder in Splunk Enterprise Security 01-08-2020
0 1
Just a quick question on Splunk Upgrade for ES https://docs.splunk.com/Documentation/VersionCompatibility/current/Ma...
by jaracan Communicator in Splunk Enterprise Security 01-08-2020
0 5
Dear Splunk Experts, I have very little experience on Splunk, need your help with my search. I have a lookup with...
by anil_ec21 Explorer in Splunk Enterprise Security 01-08-2020
0 3
Hi All, First post on here. Hopefully this makes sense and isn't overly convoluted. So, I have a datamodel correlati...
by celdridge1988 Engager in Splunk Enterprise Security 01-08-2020
0 3
I've tried a few different things but they don't appear to be working. I have a log that gives out the last day and ...
by crisp023 New Member in Splunk Enterprise Security 01-08-2020
0 1
Is it possible to remove the health warnings for certain users/roles from the top Splunk bar? We have an error that w...
by seankoniarz Explorer in Splunk Enterprise Security 01-07-2020
0 2
I am trying to run a search to locate specific missing software. I'm hitting a roadblock. I don't want to have to p...
by crisp023 New Member in Splunk Enterprise Security 01-07-2020
0 2
I am currently trying to ingest logs from one of our critical apps to Splunk Cloud. In working with my dev team, it a...
by balbano_cfg Observer in Splunk Enterprise Security 01-07-2020
0 0
I am trying to build a use case for files that have a double file extension since these can often be the source of ma...
by crisp023 New Member in Splunk Enterprise Security 01-07-2020
0 4
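A detection search for the double-extension pattern, added here as an example; it is not from the original post or its replies. It assumes endpoint file-creation events are mapped to the ES `Endpoint.Filesystem` data model and that the data model is accelerated (drop `summariesonly=true` to search unaccelerated events). The extension lists in the regex are an assumption about which decoy and executable types matter in this environment:

```spl
| tstats summariesonly=true count min(_time) AS first_seen max(_time) AS last_seen
    FROM datamodel=Endpoint.Filesystem
    WHERE Filesystem.action=created
    BY Filesystem.dest Filesystem.file_name Filesystem.file_path
| rename Filesystem.* AS *
| rex field=file_name "(?i)\.(?<decoy_ext>pdf|docx?|xlsx?|pptx?|jpe?g|png|gif|txt|zip)\.(?<real_ext>exe|scr|com|pif|bat|cmd|vbs|vbe|js|jse|wsf|ps1|hta|lnk|msi)$"
| where isnotnull(real_ext)
| convert ctime(first_seen) ctime(last_seen)
| table dest file_path file_name decoy_ext real_ext count first_seen last_seen
```

The regex is anchored to the end of the file name and only fires when a document-looking extension is immediately followed by an executable or script extension, so `backup.tar.gz` and `report.pdf` are ignored while `invoice.pdf.exe` and `photo.jpg.scr` are returned. That is deliberately narrower than "any name with two dots", which is the main source of noise in this use case. Names padded with spaces (`invoice.pdf          .exe`) are a known evasion; add `\s*` before the second `\.` if you want to catch them. Wrap the search in a correlation search with a throttle on `dest` and `file_name` so the same file does not create a new notable on every modification.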
Is there a REST API endpoint, KVStore or lookup that can be used to add advanced tags to existing content in Splu...
by simon_lavigne Path Finder in Splunk Enterprise Security 01-06-2020
0 0
We are planning an upgrade. Our current environment: Splunk Enterprise Core - 7.1.4, Enterprise Security - 5.1.1, Splun...
by richardphung Communicator in Splunk Enterprise Security 01-06-2020
1 0
How does Kaspersky Anti Targeted Attack integrate with Splunk? Do I need to have Splunk Enterprise Security to be de...
by faaziz_splunk Splunk Employee in Splunk Enterprise Security 01-05-2020
0 0
I have a custom lookup on my ES search head. I have added it to managed lookups and it shows up fine in the Content Ma...
by nabeel652 Builder in Splunk Enterprise Security 01-04-2020
0 2
Have some security issues connecting through the public endpoint from the Splunk Add-on for Microsoft Cloud Services. I have ...
by phani123455 New Member in Splunk Enterprise Security 01-03-2020
0 0
Hi Forum, I am in the process of cleaning up some old rules on our Palo Altos. The custom search function in the f...
by rclifford New Member in Splunk Enterprise Security 01-03-2020
0 1
We have a number of alerts in Splunk ES that are triggered by our external scanner. We want to be able to exclude our...
by saidshow Explorer in Splunk Enterprise Security 01-02-2020
0 6
Hello, When I'm looking at an event, there is a TIME field in the left column and then the actual event has its own...
by trojan_81 Path Finder in Splunk Enterprise Security 01-02-2020
0 8
We have the SecKit Windows Assets Add-on for Splunk Enterprise Security and the SecKit SA IDM Common install on our c...
by edhealea Path Finder in Splunk Enterprise Security 01-02-2020
0 2