×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
greenpebble
Explorer
Member since: ‎01-14-2025
‎01-22-2025
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-14-2025
Activity Feed
View All

es_notable_events Query

by in Splunk Enterprise Security
‎01-22-2025 09:21 AM
‎01-22-2025 09:21 AM
Hi folks, Looking to use es_notable_events as a way of building out a panel that will get info on ES events for the past 7 days, specifically how many alerts were closed by the team and what the alert name is. The search I am using is as follows: | `es_notable_events` | search timeDiff_type=current | stats sparkline(sum(count),30m) as sparkline,sum(count) as count by rule_name | sort 100 - count | table rule_name, count This works perfectly for the past 48 hours but it doesn't go back as far as a week (a known limitation when using es_notable_events apparently!). My question is, are there any altenative searches that I can run that will get these results? ... View more
Labels

Re: Splunk Test Server License Issue

by in Alerting
‎01-14-2025 05:03 AM
‎01-14-2025 05:03 AM
It is the admin acc that I am trying to log in with and the issue is still persisting.  ... View more

Splunk Test Server License Issue

by in Alerting
‎01-14-2025 02:06 AM
‎01-14-2025 02:06 AM
I am getting the following error message whenever I try to login to my Splunk test environment: user=************** is unavailable because the maximum user count for this license has been exceeded.  I think this is because of a new license I recently uploaded to this box. As the old license was due to expire I recently got a new free Splunk license (10GB Splunk Developer License). I received/uploaded it to the test box on Friday, 3 days before the old one was due to expire. I then deleted the old license that day despite it having a few additional days. On Sunday (the day the old license was due to expire), I started getting this login issue. As I can't get past the login screen I can't try and reupload a different license, etc.  Any suggestions?  ... View more

Setting up email alerts for Enterprise Security

by in Alerting
‎01-14-2025 01:46 AM
‎01-14-2025 01:46 AM
Hi there,  I'm looking to setup an automated email that will trigger any time a new alert comes into Incident Review in Splunk ES (using Splunk>enterprise). The idea is for the team to be notified without having the Incident Review page open and improve response time. I know I can set emails individually when a alert triggers, but this would be for every 'new' alert (there are some alerts that are autoclosing) that comes in or with an option to only target high urgency alerts based on volume.  Any advice would be appreciated!   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-22-2025 12:49 PM
Top