Splunk Enterprise Security
Community Activity
omri_p
I would like to forward DNS events from my DNS server with a UF that is monitoring the dns.log debug output. I am alr...
by omri_p Engager in Splunk Enterprise Security 08-06-2019
0 2
jaime_ramirez
Hi. Does anyone know if Multitenancy can be accomplished with a Single Instance of Enterprise Security? I have sea...
by jaime_ramirez Communicator in Splunk Enterprise Security 08-06-2019
0 4
jamolson
Wondering if Phantom has the ability to prompt for user input in a playbook. Like a simple text box popup to allow f...
by jamolson Path Finder in Splunk Enterprise Security 08-06-2019
0 3
naveenyadav99
I need to create a dashboard with complete information of IP address
by naveenyadav99 Explorer in Splunk Enterprise Security 08-06-2019
0 1
logloganathan
I have a dashboard like this A B C 222 112 90 table by location Location A B C in 12 ...
by logloganathan Motivator in Splunk Enterprise Security 08-05-2019
0 5
paul96
I was trying to create a cron-scheduled alert in Splunk, that would trigger a mail with the notable event, urgency an...
by paul96 New Member in Splunk Enterprise Security 08-04-2019
0 2
ivan128
Hi all, I have the following search that calculates a risk value based on a formula: index=EX sourcetype=EX | dedup...
by ivan128 Explorer in Splunk Enterprise Security 08-04-2019
0 1
danielbb
We see many events tagged as error. What does it mean? index=bluecoat has quite a bit of them, for example.
by danielbb Motivator in Splunk Enterprise Security 08-02-2019
0 2
dstaulcu
Our team just transitioned from Splunk Add-on for windows v4 to v5. Changing references to sourcetypes among knowled...
by dstaulcu Builder in Splunk Enterprise Security 08-02-2019
0 1
adalbor
Hey All, I need some assistance with completing some search parameters. I created a search to correlate emails goin...
by adalbor Builder in Splunk Enterprise Security 08-01-2019
0 1
wgawhh5hbnht
Network_Traffic Traffic_By_Action isn't showing allowed or deferred. In the data model, here is the constraints: (`c...
by wgawhh5hbnht Communicator in Splunk Enterprise Security 08-01-2019
0 7
vaibhavbharadwa
I have 2 sets of logs. I am supposed to extract the content between the last 2 '#' among the below logs. Please help....
by vaibhavbharadwa Observer in Splunk Enterprise Security 08-01-2019
0 5
kabar
Hi all, I am fairly new to Splunk and generally in Splunk SE as well, I am in desperate need of your help if you ma...
by kabar New Member in Splunk Enterprise Security 08-01-2019
0 1
ranjitbrhm1
Good Day All, I recently upgraded my ES running on a linux box to 5.3. The update went smooth but once the update...
by ranjitbrhm1 Communicator in Splunk Enterprise Security 08-01-2019
0 5
N92
I have summary indexes but not able to identify search criteria for that. Where I can check? Sourcetype is stash
by N92 Path Finder in Splunk Enterprise Security 08-01-2019
0 1
sumanssah
Hello Experts, I am facing difficulty while performing a search on ES App. While performing a search in ES App filed...
by sumanssah Communicator in Splunk Enterprise Security 07-31-2019
0 2
grantk87
Hello, I have inherited a Splunk Enterprise deployment with a mixed OS (Windows/Linux) environment. We are in the p...
by grantk87 New Member in Splunk Enterprise Security 07-31-2019
0 3
siddh01r
Hi All, Just curious to see what threat intel Enterprise Security Specialists/administrators are using for their SIE...
by siddh01r New Member in Splunk Enterprise Security 07-31-2019
0 2
MikeVenable
I need to update a Lookup Table with Identity information coming from our index "elist", I am trying get the search t...
by MikeVenable Path Finder in Splunk Enterprise Security 07-31-2019
0 2
dkolekar_splunk
I have been trying to upload intelligence to Splunk ES. But getting following error continuously. "The upload directo...
by dkolekar_splunk Splunk Employee in Splunk Enterprise Security 07-31-2019
0 1
christopherr_sp
There is a BUG in the DA-ESS-ThreatIntelligence app. In the Datamodel under Threat Intelligence > IP Intelligence ...
by christopherr_sp Splunk Employee in Splunk Enterprise Security 07-31-2019
0 1
guarisma
Hello, We got the Splunk Add-on for SalesForce and configured the API User but it's only pulling Authentication logs...
by guarisma Contributor in Splunk Enterprise Security 07-30-2019
0 5
rshah_splunk
I have a persistent handler for REST calls which does a particular functionality using multi-threading until a flag v...
by rshah_splunk Splunk Employee in Splunk Enterprise Security 07-30-2019
0 0
professor_butte
I've been using and administering Splunk Enterprise since Splunk 4. I have certifications up to the current Splunk ...
by professor_butte New Member in Splunk Enterprise Security 07-29-2019
0 2
vietlq414
It currently monitors filesystem changes and to make adjustments to that I modify an inputs.conf file under deploymen...
by vietlq414 Explorer in Splunk Enterprise Security 07-28-2019
1 0