Activity Feed
- Posted Re: Search for Response Actions for Correlation Searches on Splunk Search. 05-30-2024 08:22 AM
- Karma Re: Search for Response Actions for Correlation Searches for gcusello. 05-30-2024 08:22 AM
- Posted Search for Response Actions for Correlation Searches on Splunk Search. 05-30-2024 07:39 AM
- Tagged Search for Response Actions for Correlation Searches on Splunk Search. 05-30-2024 07:39 AM
- Posted Closing Notable Events - Set Close Datetime on Splunk Enterprise Security. 01-24-2024 08:47 AM
- Tagged Closing Notable Events - Set Close Datetime on Splunk Enterprise Security. 01-24-2024 08:47 AM
- Posted Lookup against an Array on Splunk Search. 11-10-2023 09:57 AM
Topics I've Started
05-30-2024 07:39 AM
Is there a way to run a search for all correlation searches and see their response actions? I want to see which correlation searches create notable events and which ones do not. For example, which ones only increase risk score. I had hoped to use /services/alerts/correlationsearches; however, it doesn't appear that endpoint exists anymore?
01-24-2024 08:47 AM
I'm looking to close out (or delete) all notable events that were created prior to a specific date time. The way they're trying to run reports, it is easier to delete them or close them than it would be to filter them from the reports. Is there a way to use an eval query (or similar) or would it be best to use the API to close them? Or am I SOL and I need to filter from the dashboard / report query level?
Labels: administration
11-10-2023 09:57 AM
I'm trying to run a lookup against a list of values in an array. I have a CSV which looks as follows:

id | x | y |
---|---|---|
123 | Data | Data2 |
321 | Data | Data2 |
456 | Data3 | Data3 |

The field from the search is an array which looks as follows: ["123", "321", "456"] I want to map the lookup value. Do I need to iterate over the field or can I use a lookup or is the best option?