I have installed the latest Splunk with Splunk Enterprise Security on it. I have worked with Enterprise Security before, and there were some filters available to filter incidents, now in this v...
We have a cluster with two search heads and two indexers. We need to install the Enterprise Security app on the search heads. The question arises regarding the summary index and indexes created d...
...ight after getting Splunk Enterprise installed on their local machine. It can be daunting to log into Splunk for the first time and know what the heck you should do. A person can get through the i...
...mail, the email is not being sent, because the server specified in the general mail server setting is not used by Enterprise Security Notable Events. Do I need to configure some extra settings for Splunk...
...EnterpriseSecuritySuite) from etc/shcluster/apps to the etc/apps folder. Ran the upgrade command (/opt/splunk/bin/splunk install app ./splunk-enterprise-security_620.spl -update 1). Ran the essinstall command as per the i...
...nstallation with a machine with indexer and SH role, so I need to remove all activities of the SH and move them to the new machine. Is there any documentation on performing such a task? The SH also contains Enterprise...
In the Incident Review panel, we select a Notable Event, click on Edit Selected and a form pops up.
I chose the first dropdown, selected "ACKIN" and clicked on Save and was returned:
Unable to c...
...cans tsidx files for the search keywords and uses their location references to retrieve from the rawdata file the events to which those keywords refer. Splunk Enterprise creates a separate set...
Hi, how does Splunk ES create incidents from notable events? I'm aware that a correlation search in Splunk ES creates a notable event in the "notable" index, but exactly how does it get from here t...