Splunk Enterprise Security

Community Activity
gthomas719
Hi everyone. I'm new to Splunk and trying to work on a search that would return accounts in LDAP that have already b...
by gthomas719 New Member in Splunk Enterprise Security 11-27-2019
0 3
gwes77
Hello all, a regex is needed that's way above my head: I have a message field in the notable index that holds multipl...
by gwes77 Explorer in Splunk Enterprise Security 11-27-2019
0 2
thomasvanhelden
Is it possible to check if a certain field is a multi-value field? I'm rewriting some old searches. They contain a ...
by thomasvanhelden Explorer in Splunk Enterprise Security 11-27-2019
0 8
riqbal47010
I have asset list associated with ES. Now I want to remove the assets from the list if they are not reporting more th...
by riqbal47010 Path Finder in Splunk Enterprise Security 11-27-2019
0 2
danielbb
We read someplace that ES and the SH cluster might be tricky. Is it right? Or does ES work naturally with the SH cluste...
by danielbb Motivator in Splunk Enterprise Security 11-26-2019
0 2
harish_ka
I have an alert with 'Notable' Alert action. While checking the notable index I could see the notables triggered by ...
by harish_ka Communicator in Splunk Enterprise Security 11-26-2019
0 1
ekumar
Hello, I am trying to install the Splunk UF on a Docker container and mount the container to a specific volume. I a...
by ekumar New Member in Splunk Enterprise Security 11-25-2019
0 1
sabinayousoubuv
Hello, I have an index for a Symantec product, and I have to write a search to alert if any of the sourcetypes doesn...
by sabinayousoubuv New Member in Splunk Enterprise Security 11-24-2019
0 1
kalpesh11
Scenario: I have two panels in one dashboard. Panel A and Panel B. I need a system that, when I click on A only that ...
by kalpesh11 New Member in Splunk Enterprise Security 11-22-2019
0 2
Mani1323
We are using Symantec email gateway (Cloud) for email filtering (inbound and outbound). We would like to integrate em...
by Mani1323 New Member in Splunk Enterprise Security 11-22-2019
0 0
ashish9433
Hi, I am using the below search query, which lists out the sequence of logins using standard querying. What the below que...
by ashish9433 Communicator in Splunk Enterprise Security 11-21-2019
0 4
rupesh67nikam
I've written below query, index=* sourcetype=* EventCode=* | rex field=_raw "((Process Command Line:\t)(?(.+)*))" |...
by rupesh67nikam New Member in Splunk Enterprise Security 11-21-2019
0 3
stevenjluke
I would like to set a custom risk score based on the number of failed authentication attempts by a user. I created t...
by stevenjluke Explorer in Splunk Enterprise Security 11-20-2019
0 2
tmwhitm
Splunkers, once a STIX-formatted IOC file has been successfully uploaded via Splunk Enterprise Security "Upload Thre...
by tmwhitm New Member in Splunk Enterprise Security 11-20-2019
0 1
ESPrioleau
I've tried: <option name="charting.fieldColors">{"Blocks_Blocked":0x006400, "Allowed_block":0xCCCC00, "Allowed":0x...
by ESPrioleau New Member in Splunk Enterprise Security 11-20-2019
0 0
smlrwd
Hello everyone, I was tasked with changing over our Identity management information in Splunk since we switched vend...
by smlrwd Explorer in Splunk Enterprise Security 11-20-2019
1 10
edwardrose
Hello All, I am working on tuning the "Network - Unroutable Host Activity - Rule" search and we are trying to exclude our...
by edwardrose Contributor in Splunk Enterprise Security 11-20-2019
0 0
cascompany
This application provides a ".spl" to install, which is perfect for "single server splunk". Since we run a clustered...
by cascompany Explorer in Splunk Enterprise Security 11-20-2019
0 3
abhik1501
So I have a Splunk query that returns the below output IP Packets 1.1.1.1 100 1.1.1.2 ...
by abhik1501 New Member in Splunk Enterprise Security 11-20-2019
0 1
rupeshn
Hi, after extracting a field using regex, I now need to compare whether that particular field contains any command ...
by rupeshn Explorer in Splunk Enterprise Security 11-20-2019
0 4
cltqchevron
I'm hosting both Demisto and Splunk ES (Both free edition) on the same network. I have added the API key for Splunk i...
by cltqchevron New Member in Splunk Enterprise Security 11-20-2019
0 0
ericl42
Hello, I utilize Adaptive Response quite a bit for automatically creating incident tickets and dumping all of the re...
by ericl42 Path Finder in Splunk Enterprise Security 11-19-2019
0 1
danielbb
We got the message that the bunit field belongs to the Asset and Identity framework and therefore should appear in th...
by danielbb Motivator in Splunk Enterprise Security 11-19-2019
0 1
kappalkamal
Alert when - Additions to critical Active Directory groups such as Domain Admins, Enterprise Admins, Key Management G...
by kappalkamal New Member in Splunk Enterprise Security 11-18-2019
0 1
tassetjn
Hi, I would like to make sure I got this correct and I can't seem to find the answer anywhere. I added the whole sear...
by tassetjn Engager in Splunk Enterprise Security 11-18-2019
0 2