Hi,
This question relates to:
- Splunk Enterprise 6.4.1
- Splunk Enterprise Security 4.1.1
I am trying to generate a list of existing correlation searches which includes the following d...
We are using ES with a datamodel that has the base constraint:
(`cim_Malware_indexes`) tag=malware tag=attack
This drives correlation searches like: Endpoint - Recurring Malware I...
Greetings
We have the following versions: Splunk 6.5.2 / ES 4.5.0 / CIM 4.6.0
When we use the macro on its own in the search, it links and shows expected results. Also, when we use the same correlation...
I'm creating correlation searches from scratch in the latest version of ES. The search results include fields that don't show up in the notable event (in the Incident Review dashboard). I'd like the...
Using ESS 3.1.1 on Splunk 6.1.4, I can create a correlation search with an umlaut in its name, such as "my cörrelation search". Saving it works fine, and it'll execute according to its schedule, g...
I'm seeing the error below under messages in my Splunk enterprise console:
Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...
I have a number of hourly correlation searches which trigger on Office 365 API events for use cases such as suspicious authentication attempts, file downloads, etc.
The problem I run into is t...
First time posting here, and I'm a new user to Splunk. I'd love to get some advice on setting up an alert.
I want it to trigger at 8am, 12pm, 4pm, and 8pm. I've set my Cron schedule to "* 8...
Hi, I faced a little issue when I configured "Identities and Assets". After the configuration, the Asset Center and Identity Center dashboards in ES do not work, knowing that: The...
How do you install and configure the Splunk for Cisco Security app found here:
http://www.splunkbase.com/apps/All/4.x/App/app:Splunk+for+Cisco+Security