...og files from server 2 and server 3
My current input definitely will index duplicate data since all three servers will be hitting the network storage at a time, which may easily break s...
Pondering if the prohibited_traffic.csv lookup used by SA-NetworkProtection in Enterprise Security could be updated to have the src_ip and dest_ip columns to allow me to define acceptable usage of a...
Experts,
When I try to schedule PDF for a report, I get the following error after I set the cron
"Your network connection may have been lost or Splunk may be down." and all my search heads s...
...EnterpriseSecuritySuite) from etc/shcluster/apps to etc/apps folder. Ran the upgrade command – (/opt/splunk/bin/splunk install app ./splunk-enterprise-security_620.spl -update 1). Ran the essinstall command as per the i...
Hi,
I'm a real Splunk novice, so apologies if this is a silly question. I've installed Splunk Enterprise, and ES in a test lab. Due to security, I'm unable to export any logs from the production network...
We have some new logs we would like to import.
These logs seem to contain all the fields of network traffic, but it was requested to also show them as authentication. Is it best practice to tie i...
...ecords (ip, dns)
DHCP Records (ip, mac, dns)
Windows Security Authentication (nt_host, owner)
Network Identity Services (ip, owner)
The savedsearch just concatenates the lists, no m...
We are running the latest update for Splunk Enterprise Security, which includes the new "Cloud Security" option. In Cloud Security, I can see some data when using the "Microsoft 365 Security O...
I want to add a new Security Domain called "Email" in Enterprise Security (ES) App and later map it to notables. Right now "Threat", "Network", "Identity" are among a few that are available. Is t...