Splunk Enterprise Security

Community Activity

Searching notable events in ES to match user field Folks, I'm trying to match a field (user) from a search to see if any previous notable events ES have been generated ... by marktechuk New Member in Splunk Enterprise Security 09-03-2019 0 2	0	2
Linux encryption We're looking into full disk encryption and was looking in Linux full disk encryption. Any concerns you can think of... by ritchiem14 New Member in Splunk Enterprise Security 09-03-2019 0 1	0	1
Enterprise Security: How can I trace the notable events? I created a correlation search that should have produced notable events. How can I trace these notable events? by danielbb Motivator in Splunk Enterprise Security 09-03-2019 0 19	0	19
We are attempting to setup local lookup file as a threat intelligence download ( as per https://docs.splunk.com/Documentation/ES/5.3.0/Admin/Addthreatintelcustomlookup) . and are unable to use th... by rbal_splunk Splunk Employee in Splunk Enterprise Security 08-30-2019 0 2	0	2
Problem on Changing Syslog Sourcetype The problem is on changing syslog sourcetype into another one. I read all splunk answer about it. I am following the ... by element1314 New Member in Splunk Enterprise Security 08-29-2019 0 1	0	1
How to track inbound and outbound traffic from firewall logs Hi helpful people, I am trying to create a use case which will monitor source and destination traffic(like both comm... by ashferns08 Engager in Splunk Enterprise Security 08-29-2019 0 3	0	3
add variables into serach name under correlation search can we add certain variables like $src$ \| $dest$ into search name: actually we are sending... by riqbal47010 Path Finder in Splunk Enterprise Security 08-29-2019 0 1	0	1
Help with regex to print the value Total_bytes_recv and Total_bytes_send from log Log: Aug 28 17:46:20 192.168.111.14 08/28/2019:16:46:18 GMT 0-PPE-0 : default TCP OTHERCONN_DELINK 1091143 0 : Sourc... by sarbankumar New Member in Splunk Enterprise Security 08-29-2019 0 6	0	6
How to get correlation searches to trigger on older data? We had an incident on a device that we had not had a chance to ingest logs into Splunk. That incident occurred 2 week... by nb1030 New Member in Splunk Enterprise Security 08-28-2019 0 3	0	3
How do I merge two searches into one, and have all the fields filled in? I have two seperate searches that I appended together, but I only need one field out of the second search. My proble... by ESPrioleau New Member in Splunk Enterprise Security 08-28-2019 0 2	0	2
How can end user help improve overall Splunk Enterprise Security speed? My Splunk Admin is the landlord and I'm the tenant. Let's say the landlord is dealing with personal matters and canno... by jsven7 Communicator in Splunk Enterprise Security 08-28-2019 0 2	0	2
Datamodel status building since long I have Email datamodel that ships alongwith Splunk ES. It's in building status and it's accelerated too. How to trou... by snigdhasaxena Communicator in Splunk Enterprise Security 08-26-2019 0 3	0	3
How to Add Workflow Search Action under notable event From a Splunk custom App, I need to add the workflow action which should be displayed under the Actions menu for the ... by gsabhay77 Explorer in Splunk Enterprise Security 08-26-2019 0 2	0	2
Difference between Palo alto all indecent and ES notable events? Hi Splunkers, We are getting critical incidents in Palo alto All incidents dashboard. We configured ES threat activ... by p_gurav Champion in Splunk Enterprise Security 08-26-2019 0 1	0	1
Help with Suspect IP hits to my web. Hello, I have WEB IIS Logs. we have IP addresses in the web logs and want to know when web hits from suspect IP's ... by satyaallaparthi Communicator in Splunk Enterprise Security 08-23-2019 0 5	0	5
Can a Splunk Heavy Forwarder send data via UDP or does it have to be TCP? Can a Splunk Heavy Forwarder send data via UDP or does it have to be TCP? We need to implement a one-way transfer ... by thomasaporter Explorer in Splunk Enterprise Security 08-23-2019 1 4	1	4
Current User Variable within Adaptive Response We're using an adaptive response rule to create tickets for our notable events. One item that I need is the current l... by ericl42 Path Finder in Splunk Enterprise Security 08-22-2019 0 3	0	3
Enterprise Security: why don't the events get indexed to the notable index? This one is, in a sense, a continuation of Enterprise Security: How can I trace the notable events? Running - index=... by danielbb Motivator in Splunk Enterprise Security 08-22-2019 0 4	0	4
When upgrading Splunk Enterprise Security from 4.7.x to 5.2.2, should we plan incremental upgrades? Hello, I just wanted a confirmation if the following upgrade paths are supported. My organization plans to do the f... by plimon Explorer in Splunk Enterprise Security 08-22-2019 0 5	0	5
Check secure communication establish between search head and indexer Hi Experts, I am new in Splunk, especially in a Splunk distributed environment creation. For enable SSL on splunkWeb... by arun_kant_sharm Path Finder in Splunk Enterprise Security 08-22-2019 0 1	0	1
CIM malware actions Greetings... We are currently using ES and ingesting data from our IDS and AV to populate the Malware DataModel. Acc... by richardphung Communicator in Splunk Enterprise Security 08-22-2019 0 1	0	1
The Asset Center and Identity Center dashboard. Hi Splunkers; Before was Asset Center and Identity Center dashboards takes results from assets.csv and identities.cs... by aalhabbash1 Path Finder in Splunk Enterprise Security 08-21-2019 0 9	0	9
Omit Token Value from Results on 1 Panel I'm have a dashboard with multiple panels, some of which provide hostnames and others that do not (some coming from A... by chrisschum Path Finder in Splunk Enterprise Security 08-21-2019 0 4	0	4
Can you help me count the following two files? Hi, i have two files \| inputlookup ABC \| stat count result=10 \| inputlookup XYZ \| stat count result=20 i want ... by logloganathan Motivator in Splunk Enterprise Security 08-20-2019 0 6	0	6
CVE-2016-7103 vulnerability is detected in Splunk 6.6.6 Through BURP scan reports we could find https://www.cvedetails.com/cve/CVE-2016-7103/ vulnerability reported in Splun... by robinsplunk161 New Member in Splunk Enterprise Security 08-20-2019 0 0	0	0