Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
111 results
Sort by:
06-06-2019
07:07 PM
I am trying to send data from Splunk ES to Phantom
Version is 7.2.6
After downloading Phantom app from Splunk, within that App, in the forwarding option there are 2 selections:
Under event f...
06-22-2022
08:29 AM
Hello,
I am trying to find a native solution in order to monitor the execution of a Phantom Playbook. In case one of the actions fail, or a specific message/data is returned by a custom function, d...
Labels
10-11-2021
06:14 PM
...f we go with one index with multiple sourcetypes also during add-on update, will there be any impact? https://splunkbase.splunk.com/app/4153/
Labels
02-20-2024
02:41 AM
Hi all, We are currently facing an issue with our Splunk SOAR installation Every time that we open the playbook editor, it shows the errors in the screenshot below and all the dropdown and search f...
Labels
- Labels:
-
installation
-
troubleshooting
02-25-2020
02:57 AM
1 Karma
Good morning,
I woud like to test Splunk Phantom Community Edition in my home lab. When I try to install it following the documentation, the following error appears:
About to proceed with Phantom...
- Tags:
- phantom
Labels
- Labels:
-
installation
-
troubleshooting
02-03-2022
06:40 AM
i have Multiple event forwardings enabled on my Phantom App for Splunk that use saved searches to trigger notable events to phantom. I had recently we upgraded the App from ver 4.0.35 to 4.1.73...
Labels
11-18-2022
12:50 AM
Issue: Phantom Add-on for Splunk – is not saving any changes done on Saved searches and below error is observed in logs internally. Error observed in Internal logs : 2022-11-17 17:19:1...
Labels
06-29-2021
09:07 PM
...xternal Splunk instance (both Indexer & Search head) but the Splunk is on Cloud (saas product) 1. My question is would it support for building the Splunk Phantom with out Splunk embedded i...
Labels
- Labels:
-
installation
03-26-2020
02:36 PM
I am using Splunk Enterprise and wish to automatically forward events to Phantom. I am able to send events to Phantom with a saved search using the Phantom add-on. However, to send events to Phantom...
Labels
- Labels:
-
configuration
-
using Phantom
Show results in replies (4)
-
...chedule to be run every minute, instead of real time. I am using Splunk Enterprise 8.0.2 and Phantom 4...
-
The saved search events should be forwarded to Phantom automatically on its own when using the E...
-
I am currently using the Phantom app and a saved search. The data is going to Phantom, but I have t...
-
Then you can save the query in Splunk and use the Phantom app in Splunk. Goto 'export new saved search...
05-25-2020
04:43 PM
...ith this use ease". This answer is that this is my interpretation of the Splunk ES and Phantom integration. I want to be able to use Phantom to collect evidence, conduct additional searches and close t...
- Tags:
- phantom
Labels
