Splunk Enterprise Security

Discussions

Thread Info

How to use splunk to create a CMDB like table of asset info?

Hello, Our security team has had a need of a asset management tool to keep track of our hardware and software...

by Path Finder in

Why the System Center does not show data from Windows system?

In System Center dashboard, only *NIX system data is available, not Windows system. I've already install Splunk Add-o...

by Loves-to-Learn in

Why did a script exited abnormally with exit status 1?

Hi i am kinda new to Splunk and I'm having this trouble `A script exited abnormally with exit status: 1" input=".$SPL...

by Loves-to-Learn Lots in

Splunk Add-on For Salesforce

Are there pre-configured or default Dashboards associated with this Add-on? Is the Add-on suppose to show up under A...

by Observer in

How do you add an additional “Drill-down Search” in the details of a Notable Event?

When you expand the details of a Notable Event in Enterprise Security (ES) 3.x there is a heading called “Contributin...

by Explorer in

How to extract new fields?

HI team, I need to extract the new fields by using rex for below raw data 1.ResponseCode 2.url mess...

by Explorer in

How to View License Usage from Search Head?

Is there a way to view license usage from the Splunk search head? I'm on Splunk 9.0.3.I've attempted to forward licen...

by Loves-to-Learn Lots in

rex fields

HI , please help to get new field URI by using rex /area/label/health/readiness||||||||||METRICS|--

by Explorer in

Why is pgrade Failing with OSError type 28?

Hello All, I am testing the upgrade from ES 6.2.0 to 6.6.2. When I do the upgrade it fails with OSError type 28 n...

by Contributor in

How to populate Assets and Identities in ES with SA-LDAPSearch on Heavy Forwarder?

Hello, I have a Splunk ES instance on AWS. All logs are forwarded there from a Splunk HF (full forwarding - no ind...

by Communicator in

How do i get Epic Hyperspace logs to Splunk with Syslog?

I would like retrieve data from Epic Hyperspace Logs via Syslog. I know you can use the Epic APIs like FIHR but I wou...

by Path Finder in

How to collect logs on Splunk Infrastructure Monitoring on prem?

Hello guys is it possible to start to monitor metrics for the host where we are collecting logs in Splunk ES? T...

by New Member in

Can anyone please help on the WORKSPACE ONE integration with SPLUNK?

Can anyone please help on the WORKSPACE ONE integration with SPLUNK? Scenario : We have SaaS setup for WS-1 (conne...

by Engager in

What are the differences between action.correlationsearch.enabled=1 and disabled=0

Hi, I got confused when running the following search to identify what are the enabled searches in the environme...

by Engager in

Saving and Retrieving SPL Searches on Demand without Scheduling

Hi, I would like to learn how to save an SPL search and be able to retrieve it whenever necessary. I'm unsure about...

by Builder in

short id incident review

some issues with short id we cant able to search through incident review, actually the paloalto saor is integrated wi...

by Loves-to-Learn Everything in

Enterprise Security- How to Add Threat Intelligence Feed using remote API?

Splunk ES documentation https://docs.splunk.com/Documentation/ES/7.1.1/Admin/Downloadthreatfeed#Add_a_URL-based_threa...

by Engager in

How can I achieve this absence of event?

I want to create a use case below is the scenario Let's suppose we have a device that will create a new temp user ...

by Path Finder in

Risk Notables- How can we exclude users from correlation searches?

Hi All, There are few risk notable events getting generated in the Incident review page as part of correlation sea...

by Explorer in

Is it possible to clone dashboards from the Enterprise Security app into a private custom app?

It is possible to clone dashboards from the Enterprise Security app into a private custom app so that I can make modi...

by Observer in

How to get logs from minio?

we have some services, each produces some logs. these logs aggregated and store in a minio bucket (not aws! just a on...

by Path Finder in

Authentication CIM tags and mapping

Hello all, I need help manually mapping a log source that has no supported add on. I entered in two event types wi...

by Explorer in

How to collect correlation searches that are enabled and aligned to mitre att&ck framework?

Hi Splunkers,I need to show to some stakeholders the correlation searches that we have enabled and are aligned to the...

by Explorer in

How do you create an Adaptive Response action using Python Script?

I'm trying to run a Python script as part of an Adaptive Response Action. In Splunk ES, I go to Enterprise Security ...

by New Member in

'Next Steps' Variable Substitution in Splunk Enterprise Security

Hello all! I am attempting to dynamically add 'Next Steps' to a notable event based off a lookup table in my Co...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to use splunk to create a CMDB like table of asset info?

Why the System Center does not show data from Windows system?

Why did a script exited abnormally with exit status 1?

Splunk Add-on For Salesforce

How do you add an additional “Drill-down Search” in the details of a Notable Event?

How to extract new fields?

How to View License Usage from Search Head?

rex fields

Why is pgrade Failing with OSError type 28?

How to populate Assets and Identities in ES with SA-LDAPSearch on Heavy Forwarder?

How do i get Epic Hyperspace logs to Splunk with Syslog?

How to collect logs on Splunk Infrastructure Monitoring on prem?

Can anyone please help on the WORKSPACE ONE integration with SPLUNK?

What are the differences between action.correlationsearch.enabled=1 and disabled=0

Saving and Retrieving SPL Searches on Demand without Scheduling

short id incident review

Enterprise Security- How to Add Threat Intelligence Feed using remote API?

How can I achieve this absence of event?

Risk Notables- How can we exclude users from correlation searches?

Is it possible to clone dashboards from the Enterprise Security app into a private custom app?

How to get logs from minio?

Authentication CIM tags and mapping

How to collect correlation searches that are enabled and aligned to mitre att&ck framework?

How do you create an Adaptive Response action using Python Script?

'Next Steps' Variable Substitution in Splunk Enterprise Security

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Splunk Macro cim_Alerts_indexes Error

Editing the alert that is sent to PagerDuty

Is it possible to make it mandatory to assign Owne...

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...