Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Splunk Enterprise Security: Issue found in "SA-IdentityManagement" : Identity - Asset CIDR Matches - Lookup Gen

Hello, We have issues to merge our dhcp_asset_list (made of dns record, mac and ip address) into the Asset & Ident...

by Path Finder in

Splunk Enterprise security: What is tag=ids for cim_Intrusion_Detection_indexes?

In ES, the constraint for Intrusion Detection is (cim_Intrusion_Detection_indexes) tag=ids tag=attack. What is th...

by Motivator in

Why after operating normally for a 7 days are all my notable events showing "0" for the last 24 hours

Splunk PS setup our instance and the last day here the Notable Events began falling. No changes that I am aware of bu...

by New Member in

What are the steps to fully enable ES in a company?

We have ES installed and we managed to map a couple of our indexes to the proper data models (using the tags) which w...

by Motivator in

ES - Correlation Search - Lookup file is not populated

3 Correlation Searches stating that previously_seen_users_console_logins.csv isn't populated: Detect new user AWS ...

by Communicator in

Taking all pairs of elements in a multivalue field to use it in a macro

Hello. I would like to be able to loop along all the elements of a multivalued field to compare all against each ...

by Explorer in

Ingesting DNS Server logs

I would like to forward DNS events from my DNS server with a UF that is monitoring the dns.log debug output. i am alr...

by Engager in

Multitenancy in Enterprise Security

Hi. Does anyone know if Multitenancy can be accomplished with a Single Instance of Enterprise Security? I have...

by Communicator in

Phantom: Playbook that Prompts for User Input

Wondering if Phantom has the ability to prompt for user input in a playbook. Like a simple text box popup to allow f...

by Path Finder in

how do i get complete list of ip address ? is there any query ?

i need to create a dashboard with complete information of IP address

by New Member in

drilldown issue

i have dashboard like this A B C 222 112 90 table by location Location A B C in 12 10 2 us 9 5 4 uk 5 2 1 when ...

by Motivator in

How to create a cron-scheduled alert that triggers a mail with the notable event, urgency and triggered time?

I was trying to create a cron-scheduled alert in Splunk, that would trigger a mail with the notable event, urgency an...

by New Member in

Does Splunk recognize a fraction value in a field as number?

Hi all, I have the following search that calculates a risk value based on a formula: index=EX sourcetype=EX | ded...

by Explorer in

Splunk Enterprise Security: What does the error tag mean?

We see many events tagged as error. What does it mean? index=bluecoat has quite a bit of them, for example.

by Motivator in

Splunk Add-on for Windows v6 - Transition Experiences Requested

Our team just transitioned from Splunk Add-on for windows v4 to v5. Changing references to sourcetypes among knowledg...

by Builder in

Search Help: Search Boxes on Dashboard

Hey All, I need some assistance with completing some search parameters. I created a search to correlate emails ...

by Builder in

Datamodel not showing all actions

Network_Traffic Traffic_By_Action isn't showing allowed or deferred. In the data model, here is the constraints: (...

by Communicator in

Need help to write regex.

I have 2 sets of logs. I am supposed to extract the content between the last 2 '#' among the below logs. Please help....

by Observer in

Splunk SE | find out from user ID from what machines did they log in from ?

Hi all , i am fairly new to splunk and gennrelly in splunk SE as well , i am in dispreate need of your help if you ma...

by New Member in

Issues after upgrading Splunk Enterprise security to 5.3

Good Day All, I recently upgraded my ES running on a linux box to 5.3. The update went smooth but once the update got...

by Communicator in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Enterprise Security

Discussions

Splunk Enterprise Security: Issue found in "SA-IdentityManagement" : Identity - Asset CIDR Matches - Lookup Gen

Splunk Enterprise security: What is tag=ids for cim_Intrusion_Detection_indexes?

Why after operating normally for a 7 days are all my notable events showing "0" for the last 24 hours

What are the steps to fully enable ES in a company?

ES - Correlation Search - Lookup file is not populated

Taking all pairs of elements in a multivalue field to use it in a macro

Ingesting DNS Server logs

Multitenancy in Enterprise Security

Phantom: Playbook that Prompts for User Input

how do i get complete list of ip address ? is there any query ?

drilldown issue

How to create a cron-scheduled alert that triggers a mail with the notable event, urgency and triggered time?

Does Splunk recognize a fraction value in a field as number?

Splunk Enterprise Security: What does the error tag mean?

Splunk Add-on for Windows v6 - Transition Experiences Requested

Search Help: Search Boxes on Dashboard

Datamodel not showing all actions

Need help to write regex.

Splunk SE | find out from user ID from what machines did they log in from ?

Issues after upgrading Splunk Enterprise security to 5.3

How to put Limit on "edit Selected" option for the...

Is throttling based on trigger time? How do we dec...

What should be the source type for AWS KMS logs to...

Single Enterprise Security searchhead cluster conn...

Trying to set default disposition of a notable cor...