...internal" sourcetype=*content_management* But I am not getting any useful data with this query. Please kindly help me where all logs are stored for content management (use cases) in Enterprise Security...
A user is unable to access investigations in Enterprise Security (version ES 7.1.1) on Splunk Cloud (Splunk 9.0.2). When clicking on investigations from the main menu the message "You do not have p...
Configuration:
We have configured a lookup table under 'ESS Identity management' to maintain the list of users. The user list is updated daily using a scheduled search. And the 'priority' of the u...
Hi,
I have an issue at a customer where ES is not showing the notables on the incident management page or the security posture page. I have confirmed that the custom correlation searches are e...
I am looking for advice on how to plan the backup and storage of "My Investigations" data in the Splunk Enterprise Security (ES).
Two questions regarding this:
1- How to configure and manage t...
Hi All,
We want to enable SSL in our AWS Splunk Enterprise cluster on management port 8089 with own certs (provided by my company). I followed all the required steps from various documents and e...
I'm attempting to create a new correlation search in Splunk Enterprise Security (4.1). I've created a blank app to house all the custom searches, but when I pick the app from the "Application C...
We just recently upgraded to the latest version of ES 4.7.2 from 4.5.2. However, after upgrading the page content management doesn't yield any results (see screenshot).
It stays in the "Retrieving s...
Is there a way to update the default collection or create a custom collection of swimlanes for the investigator dashboards for Splunk for Enterprise Security?
For example, Asset Investigator has t...