I have an app installed -- Splunk_TA_remedy -- and I'd like to change some configuration properties in the alert_actions.conf but I can't see a way to do this in the UI. I'm considering forking ...
I go to Configure > Content > Use Case Library.
It shows this nice page but I can't view all the use cases.
Meaning, setting all the filters to All and I still can't see the full l...
..." by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where 'count'>=6
I would like the query to trigger only when there is a S...
Splunk Enterprise ContentUpdates has this Analytic Story: Account Monitoring and Controls. It contains a savedsearch (?) named "ESCU - Detect Excessive Account Lockouts From Endpoint - Rule".
T...
...wo-Tiered Splunk Deployment Server Architecture, do we need to do the command splunk reload deploy-server twice (one in Master DS and another one in Slave DS) whenever we have some updates in the apps(d...
...plunkEnterpriseSecuritySuite) from etc/shcluster/apps to etc/apps folder Ran the upgrade command – (/opt/splunk/bin/splunk install app ./splunk-enterprise-security_620.spl -update 1) Ran the essinstall command as per the i...
I want to set up an organized system of permissions so we can give the right access to the right data and the right Splunk features to the right analysts in my organization. Can I get a sketch of how...
....0/RN/Enhancements Automated updates for the Splunk ES ContentUpdate (ESCU) app When new security content is available, the update process is built into Splunk Enterprise Security so that ES a...