Hi,
When I wanted to create a new lookup in ES through ES->Configure->Data Enrichment->Identity Management, there's no "New" button, the role we are using is ess_admin, from the d...
Configuration:
We have configured a lookup table under 'ESS Identity management' to maintain the list of users. The user list is updated daily using a scheduled search. And the 'priority' of the u...
I've created an alert in Splunk Enterprise and used the Splunk SOAR / Phantom plugin to call the action "Run a playbook in Splunk SOAR". So far so good. Alert fires, it gets forwarded over to SOAR. S...
Hi all, I'm struggling with a problem that I can't find any error logs in the Asset and Identity Management dashboard in Splunk Enterprise Security. It shows NOT FOUND and I see the error message b...
Has anyone encountered this issue and how did you fix it on Splunk Cloud and Enterprise Security "Identity: An error occurred while the Asset and Identity Management modular input ran"?...
I want to create a new server class in Forwarder Management just for workstations (Windows 10). Since they are located in a particular subnet X.X.X.32/24 or X.X.X.32 255.255.255.224. Can I use the w...
In a busy Search Head Cluster environment, there are Jobs listed as "Created at" with a date of Dec 31st, 1969. This eventually changes, but is this expected? Here is an example:
Hi, I'm trying to create an incident within the Alert Manager App per result row of the generating search. Let's say I have a search "Failed transactions by host". The result table looks like t...
I have been asked to come up with a dashboard for my management team. I am trying to pull it from some Nagios performance stats. The data has an icmp poll against every network device on the n...
I need help with adding an asset input stanza for the lookup source. I created a sample lookup that has the proper headers and set it up to share with the app however I can’t seem to get my l...