...mplementation?
1) What logs can you monitor with the EnterpriseSecurity app?
2) With switches, routers, etc. sitting remotely do you recommend having a Splunkinstance running on the remote location and u...
Hi all,
So i have added the edit_timeline role to a user and they can create aninvestigation, but after you click "startinvestigation" they are greeted with a "failed to retrieve investigation...
Is there a way to update the default collection or create a custom collection of swimlanes for the investigator dashboards for Splunk for EnterpriseSecurity?
For example, Asset Investigator has t...
...anagement page, that particular correlation search type is showing as a saved search, and while I try to edit it, it's opening in saved search window.
I noticed this is happening only for some A...
I have a notable event seen inSplunkEnterpriseSecurity's Security Posture dashboard.
I have reviewed it and determined it to be a false positive.
I want to remove it from view on the Security...
After upgrade to SplunkEnterpriseSecurity v 5.3.1, fail on startup with the following error:
[root@splunk02 bin]# ./splunkstartSplunk> Another one.
Checking prerequisites......
Some users reported that the investigations functionality is not available for them in the EnterpriseSecurity app. What role/capability should I assign to them?
I am looking for advices on how to plan the backup and storage of "My Investigations" data in the SplunkEnterpriseSecurity (ES).
Two questions regarding this:
1- How to configure and manage t...
...croll to the bottom to see it. The issue doesn't occur until you sort any column or adjust the number per page.
Does anyone else have ES 5.2.0 and see this issue? It makes reviewing investigations a b...