...reated commands.conf that i had put in the apps local folder to push.
[fit]
is_risky = false
According to the docs, i assumed that this would just disable the warning for using that command. A...
I have upgraded my Splunk Enterprise to 9.0 and we now get warning like this:
Some visualizations have not loaded since we detected usage of riskycommands in the query.
This is OK, and I n...
Is it possible to check if a certain field is a multi-value field?
I'm rewriting some old searches. They contain a few mvexpand commands, but I'm not sure whether this is necessary or not.
I...
All,
Below is a link to the new SPL Safeguards feature that came out it 6.4. It is set up to warn users about dangerous commands to review before running.
I would like to know if this can be c...
...bsp;
These commands can return sensitive data that a role with field filters might not be allowed to access. They might pose a potential security risk for your organization if someone with malicious i...
...eed to add all metaData fields to each event within of the same file. example for input:
Output-Splunk table, row for each event + add the metadata columns to each row.
do it for all f...
...amiliarity with SPL (commands of value: rex, eval, foreach, lookup, makeresults, autoregress) Tuning of the risk scoring Getting the SOC involved (they are the ones intimately involved with all the n...