Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
97 results
Sort by:
03-01-2019
08:41 AM
...og files from server 2 and server 3
My current input definitely will index duplicate data since all three servers will be hitting the network storage at a time, which may easily break s...
08-29-2024
02:33 PM
...LFF93FRoUwXH_7yitxQiSUhJlZE7Ybmfu&index=3), but I had trouble connecting soar to Splunk because Splunk SOAR and Splunk Enterprise Security are on different networks. In the most common example I came across, SOAR and Splunk Enterprise...
Labels
10-19-2017
12:49 PM
Pondering if the prohibited_traffic.csv lookup used by SA-NetworkProtection in Enterprise Security could be updated to have the src_ip and dest_ip columns to allow me to define acceptable usage of a...
06-24-2025
09:36 AM
I am using Enterprise 9.3.2, ES 8.1.0, and SOAR 6.4.1 to test the pairing function. Both devices are on-premises and in the same subnet, with no network issues between them. However, when I try to u...
Labels
- Labels:
-
using SOAR ⁄ Phantom
03-20-2025
02:38 AM
# Version Information Splunk Security Essentials version: 3.8.1 Splunk Security Essentials build: 1889 Splunk Enterprise Version: 9.3.2 Current MITRE ATT&CK Ver: 16.1 # Issue D...
Labels
- Labels:
-
configuration
-
other
-
troubleshooting
12-04-2015
07:25 AM
Hi,
I'm a real Splunk novice, so apologies if this is a silly question. I've installed Splunk Enterprise, and ES in a test lab. Due to security, I'm unable to export any logs from the production network...
08-02-2017
07:04 AM
...ecords (ip, dns)
DHCP Records (ip,mac, dns)
Windows Security Authentication (nt_host, owner)
Network Identity Services (ip, owner)
The savedsearch just concatenates the lists, no m...
04-02-2014
11:17 AM
We have some new logs we would like to import.
These logs seem to contain all the fields of network traffic, but it was requested to also show them as authentication. Is it best practice to tie i...
09-22-2020
06:11 PM
Hello, Im a newbie. Is there a point in using Splunk Enterprise Security in an air gaped network ? Or should I just use it in outside network ?
- Tags:
- Splunk Enterprise
Labels
- Labels:
-
search peer
-
workload management
08-29-2016
01:03 PM
In Splunk Enterprise Security, the geographically improbable login correlation fires when users on our network transition between ipv4 and ipv6 due to the different latitude fields in the geoip d...
