Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

How do I use regex to select a string between two colons?

I have a field (myfield) whose values are as follows: "0051: IP: Source IP Address Spoofed (Impossible Packet)" ...

by New Member in

How come my Splunk Enterprise security set up has failed?

Hi all, I tried to install a new version of Splunk Enterprise Security. But the set up failed with the error I...

by Path Finder in

CEF Files on Syslog-NG with Universal Forwarder

We use Websense in the Cloud, and their method for retrieving log files is to use a perl script which pulls down the ...

by Engager in

How do I configure Splunk to monitor network traffic on Juniper devices?

Hello. I want to monitor the network traffic in my Company using Splunk. I have configured Splunk to read syslog ...

by Explorer in

How do you encrypt and decrypt whole event data within Splunk?

Hello, I have to Encrypt and Decrypt whole event data within Splunk. **Encrypt -** Our application logs a...

by New Member in

Multivalue Text Input Fields

I have been struggling to get a multivalue text input field to work. Originally, I had tried this approach: index...

by New Member in

Need Support with Splunk Core Power certification.

NO SUPPORT Provided to me for my power user certification, I only get case numbers but no reply on the same. i am rea...

by New Member in

How can i do a Future Proof for the indexing?

somebody know, how can i do a Future Proof for the indexing? I need to execute an analysis about the growth of ind...

by Communicator in

Is Layer 7 FLow supported by Splunk stream?

I would like to know if Splunk is capable of collecting Layer 7 flow to identify applications by Splunk stream or by ...

by New Member in

Why won't SplunkWeb start after ES was upgraded?

I upgraded ES to version 5.0.0 but SplunkWeb now won't start. I see error messages like this: 2018-02-20 19:13:50,...

by Champion in

Training Credits Report

Union Bank has training credits and I need to find a report that will show me how many training credits I have availa...

by New Member in

How to differentiate between default reports/dashboards/alerts provided by splunk and one which is modified/customized/created by any user?

I need to export all reports/dashboards created/modified by 7 users (including admin's modified and excluding admin's...

by Observer in

Error regarding Checkpoint OPSEC LEA

I have installed the splunk Add-on on the Heavyforwarders and when trying to establishing the connection over TCP 181...

by New Member in

Is there an alternate app available for SCCM since SCCM App for Splunk is not compatible with 6.4?

We are planning to upgrade our Splunk core from 6.2.2 to 6.4.x and Enterprise Security App as well which has dependen...

by Engager in

How do you access notable event IDs from adaptive response Python code?

Hi, I have a few adaptive responses (AR) which are tagged to run on correlation rule triggering. These Adaptive re...

by Path Finder in

Palo Alto Adaptive Response from Enterprise Security

Hi, https://answers.splunk.com/answers/589237/splunk-enterprise-security-adaptive-response-actio.html So this i...

by New Member in

Can you help me assess the needs of a Splunk environment that lacks proper documentation?

Let's say you get a new job where you'll be working with Splunk. When you come in, you come to realize many aspects o...

by Path Finder in

After upgrading from Splunk Enterprise Security 5.1, why am I getting the following error message?

We have two search heads. One of them is a deployment server containing mostly apps and the other is dedicated to Ent...

by Engager in

Is the GuardDuty Add-On supported on Splunk Version 7.2?

Is the GuardDuty Add-on officially supported on Splunk version 7.2? If not, are there plans to update it so it is sup...

by Path Finder in

When trying to create a dashboard for Risk Analysis In Splunk Enterprise Security, why am I getting the following error: "the search for datamodel 'Risk' failed to parse"

Hello, I have Splunk enterprise security version 6.5.3.1 and am trying to create a dashboard for Risk Analysis. Wh...

by Path Finder in

what data model Crowdstrike Falcon Intelligence data should be mapped to?

Hi All, I am using https://splunkbase.splunk.com/app/3945 app to pull crowdstrike Falcon intelligence data. what d...

by Explorer in

Can you help me figure out why my Splunk 7.2.0 & Enterprise Security 5.1.1 are returning a "Search waiting for input" error?

After updating our Splunk environment from Splunk 7.0.3 & ES 5.0 to Splunk 7.2.0 & Enterprise Security 5.1.1, many of...

by Explorer in

Splunk ES "Error occurred during investigation"

Hi Folks, my client recived this error after updated Splunk ES to 5.1.0 Version the error is: Error occurred...

by Path Finder in

New Power User Exam

Hello, I was wondering if anyone has taken the new power exam for 7.x. What were your thoughts on it? Was it very dif...

by Explorer in

Can you help me with Http Event Collector (HEC) forwarding via alert?

Hi Guys, Doing some forwarding of events using the HEC. So far it looks like this: Events come in from source(f...

by Builder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How do I use regex to select a string between two colons?

How come my Splunk Enterprise security set up has failed?

CEF Files on Syslog-NG with Universal Forwarder

How do I configure Splunk to monitor network traffic on Juniper devices?

How do you encrypt and decrypt whole event data within Splunk?

Multivalue Text Input Fields

Need Support with Splunk Core Power certification.

How can i do a Future Proof for the indexing?

Is Layer 7 FLow supported by Splunk stream?

Why won't SplunkWeb start after ES was upgraded?

Training Credits Report

How to differentiate between default reports/dashboards/alerts provided by splunk and one which is modified/customized/created by any user?

Error regarding Checkpoint OPSEC LEA

Is there an alternate app available for SCCM since SCCM App for Splunk is not compatible with 6.4?

How do you access notable event IDs from adaptive response Python code?

Palo Alto Adaptive Response from Enterprise Security

Can you help me assess the needs of a Splunk environment that lacks proper documentation?

After upgrading from Splunk Enterprise Security 5.1, why am I getting the following error message?

Is the GuardDuty Add-On supported on Splunk Version 7.2?

When trying to create a dashboard for Risk Analysis In Splunk Enterprise Security, why am I getting the following error: "the search for datamodel 'Risk' failed to parse"

what data model Crowdstrike Falcon Intelligence data should be mapped to?

Can you help me figure out why my Splunk 7.2.0 & Enterprise Security 5.1.1 are returning a "Search waiting for input" error?

Splunk ES "Error occurred during investigation"

New Power User Exam

Can you help me with Http Event Collector (HEC) forwarding via alert?

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions