Splunk Enterprise Security

Discussions

Thread Info

Detect Long Duration of Data Transfer from src to dest

I need to write a search to detect the long duration of data transfer between a src and dest. can some one help me on...

by Path Finder in

Difference between correlation search written with data modals and correlation search written with normal search query

Hi Team, What is the difference between correlation search created with the datamodals and the correlation search ...

by Builder in

Splunk Enterprise Security: What is CIM, data model, and Tag?

Hi, What is CIM, data model, Tag If sppose I am integrating antivirus related logs to splunk what role does CIM...

by Builder in

How do i extract certain fields and data from _raw and display in table form@ eg

How do i extract certain fields and data from _raw and display in table form@ eg _raw [{"Conutry":"America","State...

by New Member in

Splunk Stream App - Ingest Pcap issue

I installed Splunk Stream App and i try to ingest a pcap file into Splunk. Specifically i select: Settings > Data ...

by New Member in

Network scanning - high number denied attempts followed by a allowed traffic on firewall

Hi Splunk Experts, My team has below search to identify blocked scanning activity followed by another search via ...

by Explorer in

This is a question about preparing BOTS Day.

Hello. I am a Korean university student studying Digital Forensics (incident Response). I want to study splunk and...

by Explorer in

Enterprise Security Permissions does not load

I am having an issue when attempting to access the Permissions within Enterprise Security. We recently upgraded from ...

by Engager in

How to get original sourcetype name for a notable events ?

Hi Splunk Experts, In Splunk ES I need to count of notable events per sourcetype . I tried different things like c...

by Builder in

How can you list all indexes and the time of their first indexed event?

How can you list all indexes and the time of their first indexed event? metadata seems to only show you the hosts, so...

by New Member in

Correlation search using lookup table

I have a lookup table that consists of AD groups with the fields Group, is_privileged, and Type. I need to create a c...

by Path Finder in

Splunk ES Upgrade Compatibility

Just a quick question on Splunk Upgrade for ES https://docs.splunk.com/Documentation/VersionCompatibility/current/...

by Communicator in

How do I search from a lookup to find if a URL contains a malicious domain?

Dear Splunk Experts, I have very little experience on Splunk, need your help with my search. I have a lookup ...

by Explorer in

Multisearching

Hi All, First post on here. Hopefully this makes sense and isn't overly convoluted. So, I have a datamodel correla...

by Engager in

How to create a search that shows if the last seen date was greater than 7 days

I've tried a few different things but they don't appear to be working. I have a log that gives out the last day and t...

by New Member in

Remove Health messages

Is it possible to remove the health warnings for certain users/roles from the top splunk bar? We have an error that w...

by Explorer in

Locate Missing Software

I am trying to run a search to locate specific missing software. I'm hitting a roadblock. I don't want to have to pul...

by New Member in

Forward logs from logz.io to Splunk

I am currently trying to ingest logs from one of our critical apps to Splunk Cloud. In working with my dev team, it a...

by Observer in

Splunk search for double file extension

I am trying to build a use case for files that have a double file extension since these can often be the source of ma...

by New Member in

Adding advanced tags for existing content in Splunk Security Essentials

Is there are a REST API endpoint, KVStore or lookup that can be used to add advanced tags to existing content in Splu...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Detect Long Duration of Data Transfer from src to dest

Difference between correlation search written with data modals and correlation search written with normal search query

Splunk Enterprise Security: What is CIM, data model, and Tag?

How do i extract certain fields and data from _raw and display in table form@ eg

Splunk Stream App - Ingest Pcap issue

Network scanning - high number denied attempts followed by a allowed traffic on firewall

This is a question about preparing BOTS Day.

Enterprise Security Permissions does not load

How to get original sourcetype name for a notable events ?

How can you list all indexes and the time of their first indexed event?

Correlation search using lookup table

Splunk ES Upgrade Compatibility

How do I search from a lookup to find if a URL contains a malicious domain?

Multisearching

How to create a search that shows if the last seen date was greater than 7 days

Remove Health messages

Locate Missing Software

Forward logs from logz.io to Splunk

Splunk search for double file extension

Adding advanced tags for existing content in Splunk Security Essentials

Starting With Observability: OpenTelemetry Best Practices

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Streamline Data Ingestion With Deployment Server Essentials

How to retrieve a specific alert in Splunk Enterpr...

Why the System Center does not show data from Wind...

Is it possible to clone dashboards from the Enterp...

How to get logs from minio?

'Next Steps' Variable Substitution in Splunk Enter...