Splunk Enterprise Security

Thread Info

Correlating multiple logs to get combined data for Active Directory Events

All, Need help with combining logs from Load Balancer/SNAT and AD Domain Controller to get the combined results in a ...

by New Member in

match field value with multi-field value

I have result in one field from the lookup and also result in second field(multivalue results) from lookup. Access...

by Path Finder in

Splunk Enterprise Security: Drilldown stats list

Hi, I am building a vulnerability dashboard and got the following table: To make it easier to read I li...

by New Member in

Firemon Server Control Panel integration with Splunk

Hi, Is it possible to integrate Firemon Server Control Panel with Splunk? Syslog can be enabled on Firemon SCP.

by New Member in

Compare search using join and subsearch in 2 different indexes

Hi, I've got 2 index logs to do a comparison with for emails. So in my mind is to use subsearch and join - but doe...

by New Member in

Enterprise Security: where is the CIM compatibility breakdown per sourcetype for Splunk_TA_symantec-ep?

Looking at Splunk_TA_symantec-ep and I wonder where the documentation for the sourcetypes, which are CIM compliant, i...

by Motivator in

How to identity logoffs when there isn't always a logoff event

I've been working on a problem that has me stumped. I have a 4624 and 4633 event that I want to correspond with e...

by Explorer in

Splunk Enterprise Security: Cisco ASA logs extracting in ES search- in search and reporting, but not in ES search?

Hi, I have the Cisco ASA TA installed and things look great on my Enterprise Security search head when I search for t...

by Path Finder in

Subsearch results not matching special characters

Hi, I'm trying to match email events which may consists of alphabets, numbers and special characters and do a coun...

by New Member in

Lookup: 'PrivilegedRiskScores' is missing

With Security Essentials, I get an error: [Indexer] Streamed search execute failed because: Error in 'lookup' comm...

by Communicator in

Splenk ES Threat Intel - Any help or Benefit ?

HI all, Anyone out there had any benefit from the free Threat intel List in Splunk ES? Its causing alot of noise,...

by New Member in

Splunk ES 6.0 installation fails

Hi folks, I'm trying to install newly released Splunk ES 6.0, but it keeps on failing during the "post installation c...

by Explorer in

Splunk Enterprise 7.1, ES 5.1 and phased_execution_mode

I have been looking into upgrading our Splunk Enterprise deployment to version 7.1.1, which would also require upgrad...

by Path Finder in

How to add new field to a search from results of another search

PLEASE BE PATIENT I AM NEW TO THIS All, I am trying to use the results of a search (search 1) and create a new fie...

by Explorer in

lookup table trouble

I cant figure this out. I cant get my query to check a lookup to verify if the identified recipient from the phish lo...

by New Member in

Problem after upgrade Splunk ES from version 5.1.0 to 5.2.2

Hello, I have a problem after the upgrade of the application Splunk ES from version 5.1.0 to 5.2.2 on the Splunk E...

by New Member in

Need help with threat activity dashboards in ESS

Hello, My Threat Activity dashboards returning zero result found message on every dashboard. I turned on data...

by Communicator in

KVStoreConfigurationProvider: KV Store is not available, status is 'failed'

Installing Splunk Enterprise Security and getting the ERROR: KVStoreConfigurationProvider - KV Store is not available...

by Engager in

Splunk Cloud support for version 2.x?

Are there any plans to support Splunk Cloud with newer versions of this TA? Currently, the only version supported by ...

by Explorer in

cannot find saved alert in enterprise security app

I have saved a search query as an alert on enterprise security app, but i cannot find them in alerts tab ( search & r...

by Explorer in

Splunk Add-on for ServiceNow configuration

Morning! Looking for some assistance with an error that I am receiving when I try and configure the Splunk add-on fo...

by New Member in

Splunk Telecommunication App to ingest RADIUS Account START|STOP record

Hi there, I have a scenario that we are trying to design for a Telco to improve on overall IP/MSISDN subscriber re...

by New Member in

How to Splunk getting data from windows servers

Hello, I want to blacklist the first four host to stop getting data from these servers, I have blacklisted them in...

by Explorer in

The "Run Adaptive Response Actions" is not listing all the alert actions in Splunk where while editing the correlation searches the options are available under "Adaptive Response Actions"

Description: 1. I have installed TA-thehive & TA-PagerDuty on Splunk ES search head. 2. While editing the correlation...

by Splunk Employee in

Splunk ES: TA-fortinet field extractions not working because of wrong fieldnames in TA

I tried to use the TA-fortinet, built-in in ES - for FortiGate logs send via FortiAnalyzer in syslog format. But the...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

Correlating multiple logs to get combined data for Active Directory Events

match field value with multi-field value

Splunk Enterprise Security: Drilldown stats list

Firemon Server Control Panel integration with Splunk

Compare search using join and subsearch in 2 different indexes

Enterprise Security: where is the CIM compatibility breakdown per sourcetype for Splunk_TA_symantec-ep?

How to identity logoffs when there isn't always a logoff event

Splunk Enterprise Security: Cisco ASA logs extracting in ES search- in search and reporting, but not in ES search?

Subsearch results not matching special characters

Lookup: 'PrivilegedRiskScores' is missing

Splenk ES Threat Intel - Any help or Benefit ?

Splunk ES 6.0 installation fails

Splunk Enterprise 7.1, ES 5.1 and phased_execution_mode

How to add new field to a search from results of another search

lookup table trouble

Problem after upgrade Splunk ES from version 5.1.0 to 5.2.2

Need help with threat activity dashboards in ESS

KVStoreConfigurationProvider: KV Store is not available, status is 'failed'

Splunk Cloud support for version 2.x?

cannot find saved alert in enterprise security app

Splunk Add-on for ServiceNow configuration

Splunk Telecommunication App to ingest RADIUS Account START|STOP record

How to Splunk getting data from windows servers

The "Run Adaptive Response Actions" is not listing all the alert actions in Splunk where while editing the correlation searches the options are available under "Adaptive Response Actions"

Splunk ES: TA-fortinet field extractions not working because of wrong fieldnames in TA

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code