Splunk Enterprise Security

Community Activity
prajapatividhyu
I want to build a chart using external fields through a lookup table in Splunk Enterprise Security. After a week, I go...
by prajapatividhyu New Member in Splunk Enterprise Security 07-12-2019
0 0
tanglong
Hello, I have a problem with stats after query searching on Splunk. Please see details in the image. Data Log: this is ra...
by tanglong Engager in Splunk Enterprise Security 07-11-2019
0 2
siddh01r
Hi all, I have got a sufficient search to get license usage for the index that is used by our Dev team. See below Sear...
by siddh01r New Member in Splunk Enterprise Security 07-11-2019
0 0
richardphung
Greetings-- I have an asset lookup gen that begins with: | stats latest(src_ip) as ip latest(os) as os **latest(prim...
by richardphung Communicator in Splunk Enterprise Security 07-11-2019
0 2
AndySplunks
Is there any way to notify someone that an incident has been assigned to them? For my incident review process, I ...
by AndySplunks Communicator in Splunk Enterprise Security 07-11-2019
2 4
vikajha
It should only fire in case a user other than the owner assigns a notable event to them.
by vikajha Explorer in Splunk Enterprise Security 07-11-2019
0 0
Manoj1988
I had a use case to remove one of the field (Secutiry_id) values when the IP address is 10.141.20.19. Can you guys help in fr...
by Manoj1988 New Member in Splunk Enterprise Security 07-10-2019
0 1
elbrianle
Getting the following error message: 07-10-2019 13:02:18.411 +0000 ERROR ExecProcessor - message from ""C:\Program F...
by elbrianle New Member in Splunk Enterprise Security 07-10-2019
0 1
MikeVenable
I'm trying to create a correlation search that imports a lookup table called ExpiredIdentities.csv then it takes all ...
by MikeVenable Path Finder in Splunk Enterprise Security 07-10-2019
0 3
vatsalyay
Hello, I want to create a search for the average time taken to close an incident in ES, after it closes from the tim...
by vatsalyay New Member in Splunk Enterprise Security 07-10-2019
0 3
hyleung
I have tried the following commands to retrieve the results, but it fails. |from datamodel:"Authentication"."Failed ...
by hyleung New Member in Splunk Enterprise Security 07-10-2019
0 2
nickmuno510
Hello, When I plot a timechart, there are some empty buckets, which causes a gap in my graph. In these gaps (values ...
by nickmuno510 New Member in Splunk Enterprise Security 07-10-2019
0 0
ahmedragy922
Hi, is there any prerequisite to install or make ES or the Essential app work? Like, should I install the CIM add-on before...
by ahmedragy922 Explorer in Splunk Enterprise Security 07-09-2019
0 1
Vnam
I have to populate a field called event_generation_time. I want to populate the time when the notable event was created f...
by Vnam Engager in Splunk Enterprise Security 07-09-2019
0 3
brdr
Hi, I know the order to upgrade Splunk components. But I don't totally understand the path to upgrade from Splunk Ente...
by brdr Contributor in Splunk Enterprise Security 07-08-2019
0 3
jamolson
I am working on automating some minor things and I want to add in a step to have the playbook assign the container or...
by jamolson Path Finder in Splunk Enterprise Security 07-08-2019
0 2
mkhedr
Hello everyone, Urgently, I am looking for web security logs to ingest into Splunk Enterprise for practicing purpo...
by mkhedr Explorer in Splunk Enterprise Security 07-07-2019
0 1
woodcock
I created a new correlation search like I have many times before but this time when it fires on the Security Posture ...
by Esteemed Legend in Splunk Enterprise Security 07-05-2019
0 1
nisnes12
Hello guys, I have a search, sourcetype=example "testword" OR "abcd" | table _time _raw If I run this query, I...
by nisnes12 New Member in Splunk Enterprise Security 07-03-2019
0 7
mbouchersops
Hello, We are using Splunk Enterprise Security and I was just wondering if there is any way to add multiple collabor...
by mbouchersops Engager in Splunk Enterprise Security 07-02-2019
2 1
cpnewton
How will Splunk address encrypted DNS collection? It's weird you need to have karma points to post a link, look up t...
by cpnewton Explorer in Splunk Enterprise Security 07-02-2019
1 3
siddh01r
I did a test port scan using nmap. This way I could catch what I was looking for in ES. Below is my query and it show...
by siddh01r New Member in Splunk Enterprise Security 07-02-2019
0 0
vemurisurya
Hi, I am writing a monitoring stanza to on-board the files with the same name but different sub-directory named using fol...
by vemurisurya Path Finder in Splunk Enterprise Security 07-02-2019
0 1
joeldavideng
The search "Threat - Source and Destination Matches - Threat Gen" is working and producing results, only the results ...
by joeldavideng Path Finder in Splunk Enterprise Security 07-02-2019
0 0