Hello community, I have come across an issue where I got an identical token generated for the SOAR user "REST" that I am using for SIEM-SOAR integration and the same was in the Splunk app for SOAR. When I...
Hi,
I've hit a bit of a road block trying to set up some custom correlation searches, which are very similar to others that work successfully.
The data model is configured and generates e...
Hello,
I have installed the Splunk Enterprise free version on my PC and I have installed the app Splunk app for lookup file editing, but unfortunately it doesn't work.
When I try to upload a f...
Hi,
I have complex events in files forwarded from Windows hosts with Universal Forwarders.
These files are zip-compressed, and have "TRA" in filename.
They look similar to this:
2...
...ccess_log] sourcetype=access_combined index = apache [monitor:///var/log/httpd/error_log] sourcetype=apache:error index = apache When I search for this Linux server on Splunk, there are way many s...
...ime - high number of skipped/deferred scheduled searches
How can I provide Splunk Support the right diagnostics to solve my problem and determine root cause?
I installed the Splunk App for SOAR Export app on Splunk, and I can see two alert options in manage alerts, namely 'Run Playbook in SOAR' and 'Send to SOAR'. However, when I go to add an alert a...
I am new to Splunk and trying to troubleshoot the "splunk newbies" dreaded "Search peer 'xxx' has the following message: Too many streaming errors to target='target':9997. Not rolling hot buckets o...
Hi,
I have a problem on the search head - on some reports, emails are not sent
In _internal I see events:
SavedSplunker - alert_actions="email", sid="...", suppressed=0, thread_id="A...