×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Sankar
Explorer
Member since: ‎01-24-2025
‎07-15-2025
Community Statistics
Posts 8
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎01-24-2025
Activity Feed
View All

Confluence Audit Logs Integration with splunk- Req...

by in Splunk Cloud Platform
‎07-15-2025 06:22 AM
‎07-15-2025 06:22 AM
Could you please advise Is there any Splunk Cloud security policy or best practice guidance on onboarding external data sources when the integration requires admin-level permissions at source? Does Splunk recommend or require any formal risk review or CCSA-like process for such cases? Do you have any documentation or recommendations to share with us to justify this elevated access for log collection? Any alternatives or Splunk add-ons/plugins that could achieve the same without needing admin-level permissions? ... View more

Re: citrix VDI & WAF logs onboarding into splunk

by in Splunk Enterprise
‎04-23-2025 06:44 AM
‎04-23-2025 06:44 AM
Thanks for reply. it will helpful information, currently working with this, lets update once its been done. I am looking Citrix WAF logs onboard into the splunk. do you have any suggestions? ... View more

citrix VDI & WAF logs onboarding into splunk

by in Splunk Enterprise
‎04-21-2025 05:19 AM
‎04-21-2025 05:19 AM
Hi All, I am looking for help onboard citrix VDI logs & Citrix WAF logs into the splunk. Splunk add on not available. also we got confirmed splunk support. can anyone help & guide what is best practice onboard citrix VDI & WAF logs. much appreciated if you have solutions.   ... View more
Labels

Re: Splunk query for use case onboarded

by in Splunk Enterprise Security
‎01-28-2025 01:50 AM
‎01-28-2025 01:50 AM
Hi @gcusello  do we have any reference guide from splunk? or servicenow? ... View more

Re: Splunk query for use case onboarded

by in Splunk Enterprise Security
‎01-24-2025 09:58 AM
‎01-24-2025 09:58 AM
Hi @gcusello  I understand your points. As a Splunk SME i have created the rules and urgency values has been set in correlation search. but do we really need Asset/Identity management? Ass/IM taking care by different teams.  I have enabled use cases & its triggered alerts also, only thing is we are unable to see Urgency Field values. what is the best practice to view urgency filed? Thank you so much for responding my queries.  ... View more

Re: Splunk query for use case onboarded

by in Splunk Enterprise Security
‎01-24-2025 08:31 AM
‎01-24-2025 08:31 AM
Hi @gcusello  First case query its working. but urgency field i don't see any severity.  all alerts urgency field is empty only. but in the rule we set under Adaptive response actions--> notable -->severity value. (Ex High, Medium, Low, informational) we have 40+ indexes so i want to each alert for Search Name, Index, Urgency, count. hope you can able to share right info. ... View more

Re: Splunk query for use case onboarded

by in Splunk Enterprise Security
‎01-24-2025 05:55 AM
‎01-24-2025 05:55 AM
Thanks @gcusello  its working.  i want to filter each alert, based on Urgency like (High, Medium, Low, informational)  I tried below query but its not working. | fields Title Urgency | table Title Urgency   ... View more

Splunk query for use case onboarded

by in Splunk Enterprise Security
‎01-24-2025 04:57 AM
‎01-24-2025 04:57 AM
we have 100+ use cases onboarded into splunk ES. also we are receiving the alerts few of them but i want to know exact count how many use cases onboarded into the splunk in that how many triggered the alerts? much appreciated any one guide.  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-15-2025 06:20 AM
Karma given to
View All