Hi all,
So I have added the edit_timeline role to a user and they can create an investigation, but after you click "start investigation" they are greeted with a "failed to retrieve investig...
Hi All, I'm trying to find the credit card details in the logs with all in one regex expression. But I was also getting some other data too like timestamp data as it has more than 12 digits and some r...
I have received a message saying today that my license usage is nearly 3 times my limit. I cannot find anything in particular that is causing this. My current 1GB/day Enterprise license seems to be v...
I understand we can use the following to look at the investigations created which are 'Active'.
|inputlookup append=t investigative_canvas_lookup
|inputlookup append=t investig...
I would like to have a list of all the hosts (over some period of time, presumably) and the sources that they've generated logs entries with. A simple table format would work, so there'd be 10 l...
Hi all,
I'm attempting to develop a regex that will pick up on a value contained in [ ] brackets (see below):
Log value
year number time:time:time 00 AAA0 Blah Blah Blah Blah Blah: [X] to [Y...
...he 7.3.0 tag.
That introduced the following error:
sh: 1: cannot create /opt/container_artifact/splunk-container.state: Permission denied
What changed between 7.2.0 and 7.3.0 to cause t...
Hi, does anyone have examples of how to use Splunk enterprise to investigate and contain ransomware? I would like to detect it quickly - any recommendations?
Can you share any logs from real r...