Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
jamolson
I am able to send data to Phantom and create containers with valid Artifacts but I want to enrich the artifact itself...
by jamolson Path Finder in Splunk Enterprise Security 01-31-2020
0 6
0
6
staparia
how do i calculate the average of logs received from a sourcetype over last 30 days and then compare if percentage di...
by staparia Explorer in Splunk Enterprise Security 01-31-2020
0 1
0
1
jrprez1804
I have two lookup tables: notablesIp.csv and criticalAsset.csv notableIP.csv ip attack 1.1.1.1 Ransomware ...
by jrprez1804 Path Finder in Splunk Enterprise Security 01-31-2020
1 5
1
5
darismendy
Hello I am having an issue when scheduling some reports which i set cron as : 0 6 3 * * which is “At 06:00 on day-of...
by darismendy Explorer in Splunk Enterprise Security 01-30-2020
0 6
0
6
jacodutoit
Hi Splunkers Does anyone know the correct settings for the props.conf file of the TA-MS_O365_Reporting add-on that e...
by jacodutoit New Member in Splunk Enterprise Security 01-30-2020
0 2
0
2
ralucaserbanesc
Hi, I am having the following event and I am trying to extract the URI and FileSHA256 field, but not using the sear...
by ralucaserbanesc New Member in Splunk Enterprise Security 01-29-2020
0 2
0
2
shashank_trip
I am currently trying to deploy a splunk cluster on kubernetes. While I can successfully deploy the standard yaml fr...
by shashank_trip New Member in Splunk Enterprise Security 01-29-2020
0 1
0
1
woodentree
Hello, We'd like to provide a basic dashboard to our analysts to help them to search the information in an asset loo...
by woodentree Communicator in Splunk Enterprise Security 01-29-2020
0 4
0
4
DawoodUlex
Hi Folks, Does anyone have idea of files with extension (dot).lock Thanks
by DawoodUlex New Member in Splunk Enterprise Security 01-29-2020
0 1
0
1
staparia
I have the below query to calculate events not reporting for last 24 hours. I want to calculate the difference betwe...
by staparia Explorer in Splunk Enterprise Security 01-28-2020
0 1
0
1
cpaul8
The Lookup cache has been generated with 90 days baseline before Search 2 in which "dest" field is not "null" for any...
by cpaul8 New Member in Splunk Enterprise Security 01-28-2020
0 0
0
0
coryangspl
Many companies looking for candidates with expertise and experience using Splunk products. I have earned my Splunk Ce...
by coryangspl New Member in Splunk Enterprise Security 01-28-2020
0 1
0
1
danny12345
First, some background info on our Splunk system. We are setting up a 2-site cluster with a replication factor of 2....
by danny12345 Explorer in Splunk Enterprise Security 01-28-2020
0 9
0
9
lars312
0
1
potnuru
While using the drill-down from dashboard panel1 to panel2, I want to pass the Time from panel1 to panel1 when a user...
by potnuru Path Finder in Splunk Enterprise Security 01-28-2020
0 11
0
11
Zerophage
Hello all, I'm using a Correlation Search to create a Log Event as below: hxxps://docs.splunk.com/Documentation/Splu...
by Zerophage New Member in Splunk Enterprise Security 01-28-2020
0 0
0
0
celdridge1988
To cut a long story short, i'm looking to extract a CVE number for my Vulnerabilities Data Model for ES. An example o...
by celdridge1988 Engager in Splunk Enterprise Security 01-28-2020
0 8
0
8
DawoodUlex
Hi Team, I want to create a report of excessive failed login users who have more than 5 failed login attempts from a...
by DawoodUlex New Member in Splunk Enterprise Security 01-28-2020
0 3
0
3
alexspunkshell
I am receiving lot of messages in Splunk. I want to change the frequency of the messages receiving in splunk. Kindly ...
by alexspunkshell Contributor in Splunk Enterprise Security 01-28-2020
0 3
0
3
macklaud
Hi, I receive all the data from different tenants, but my data is not tagged to be able to use it in my Enterprise S...
by macklaud New Member in Splunk Enterprise Security 01-28-2020
0 1
0
1
hketer
Hi All, I've installed CIM (same installation file) on 2 search heads. both of them with the same configuration, sam...
by hketer Path Finder in Splunk Enterprise Security 01-28-2020
0 0
0
0
ibmresilient
Hello, We are running Splunk 8.0.1 with Splunk ES 5.7.1 (python3 enabled). Everything works fine. Then we just dow...
by ibmresilient Path Finder in Splunk Enterprise Security 01-27-2020
1 3
1
3
einervonvielen2
Hi everyone, preparing for my master´s thesis my supervisor at the uni suggested to create an app that produces fak...
by einervonvielen2 Explorer in Splunk Enterprise Security 01-27-2020
0 7
0
7
hrs2019
Hi I want to rename output field value name Week1 1. Systems ops 12.1 to ops 2 .Systems dev 12.1 to dev B...
by hrs2019 Path Finder in Splunk Enterprise Security 01-27-2020
0 3
0
3
crisp023
Has anyone had success with setting up alerting for the Golden Ticket attack? I don't see a lot of info about it onl...
by crisp023 New Member in Splunk Enterprise Security 01-25-2020
0 1
0
1
Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...