...rom datamodel:"Change_Analysis"."Auditing_Changes"
| where ('action'="cleared" OR 'action'="stopped" )
| stats max(_time) as "lastTime",latest(_raw) as "orig_raw",count by "dest","result"
| r...
...uthentication.conf/[saml]/sslKeysfilePassword: deprecated; use 'sslPassword' instead
We modified as instructed, but every time we had to make a change in the GUI, it changed the suggested parameters back to the deprec...
As stated in the title, I'm looking for someone to tell the differences between the field user and src_user in the CIM Model ChangeAnalysis (All_Change.Account_Management). The definitions in Splunk d...
...hen I developed the search and added it to triggered events, I chose the severity as High. But, when the event is triggered on Incident Review, it shows severity as low. On the Risk Analysis dashboard, i...
After upgrading to Splunk Enterprise 9.0 I do get the following message from several dashboards.
This dashboard view is deprecated and will be removed in future versions of Splunk software. Open t...
Hello, After updating SES to version 6.4.0, the menu Configure > Data Enrichment > Threat intelligence Management shows an empty content page with an error "Not found" /app/Splunk...
I have a dashboard that runs entirely off of AIDE file integrity events in the ChangeAnalysis data model.
When the dashboard opens, I see two messages complaining that Eventtype 'XXXX' does not e...
...ant how many sites network consumption is exceeding particular threshold how can I change according to the tier selected
Here is the search query where I want to change my threshold according to the t...