cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sajohnson6
Explorer
Member since: ‎10-02-2019
‎01-04-2023
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎10-02-2019
Activity Feed
View All

How do I stop Multiple Analysts from grabbing the ...

by in Splunk Enterprise Security
‎01-04-2023 11:28 AM
‎01-04-2023 11:28 AM
We have several analysts in multiple locations that are working from the same Incident Review channel.  After someone takes it, how do I stop multiple analysts grabbing the same event?     Thanks in advance- ... View more

Re: Trigger an email alert when status code is oth...

by in Alerting
‎01-20-2022 05:25 AM
‎01-20-2022 05:25 AM
I agree with Skrajkumar, the only other suggestions I would offer is if you are looking for an http status code, I would do status!=2*, that way it ignores all 2xx HTTP responses. ... View more

Re: Incident Review Auto-Refresh

by in Splunk Enterprise Security
‎01-19-2022 10:47 AM
‎01-19-2022 10:47 AM
We were using the real-time feature until we upgrade to 6.6.2.  Apparently after version 6.6.0, real-time searches are no longer supported.  I've asked the question again and had a co-worker reach out to our contact @ Splunk to see if we are missing something.  In the mean time, I've created a dashboard using the `notable` macro and tailoring it to our needs.  The panel that is looking for new events updates every 2 minutes, and has a drill down built in that allows the analyst to click the event which re-directs them to a preconfigured incident review page.  From there they can work the events.  I hope there is another solution, but this way works for now.  ... View more

Enterprise Security Incident Review Auto Refresh

by in All Apps and Add-ons
‎01-19-2022 07:22 AM
‎01-19-2022 07:22 AM
We just upgraded from Enterprise Security 6.4.x to 6.6.2.  In version 6.4, we were able to run real-time searches, pause the search grab and work the notable.  We upgraded to 6.6.2 and now that feature no longer exists.  I don't see an auto refresh option on version 6.6.2, so my question is how can I get the Incident Review dashboard to auto refresh so we don't have to do it manually?     Thanks in advance. Scott ... View more

Re: What are some cool things you've implemented i...

by in Deployment Architecture
‎01-06-2021 04:10 AM
‎01-06-2021 04:10 AM
Happy New Year All.. Can you elaborate more on the rebuild of ArcSight SIEM implementation in core Splunk? ... View more

How to use a CSV file to search indexes

by in Getting Data In
‎10-02-2019 07:29 AM
1 Karma
‎10-02-2019 07:29 AM
1 Karma
I have a CSV file already located on our Splunk instance with about 20000 IP's. I would like to use this file to search against our indexed firewall events. I've tried using the join command, it does return some results, but it never finishes. Does anyone know another way to do this? Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-04-2023 02:49 PM
Karma from
View All