Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Anatomy of a Successful Migration with Pizza Hut

by Splunk Employee in

"All time" time range in notable drilldown search

Hello fellow ES 8.X enjoyer. We have a few Splunk Cloud customer that got upgrade to ES 8.1. We have noticed that a...

by Explorer in

Enterprise Security Correlation Searches are not updating the risk index

We recently updated from Enterprise Security 7.3.2 to 8.0.4 Correlation searches are not updating the risk ind...

by Engager in

Reg to Download of ES

I'm having Developer License but I'm unable to download the ES.Can any one help me in this.?

by New Member in

Finding based finding / Risk based alerting not working properly

Hi there, In Mission Control in our properly working Splunk environment, we see the following: This is exa...

by Loves-to-Learn Lots in

Summarization searches not running on search head cluster

Hello We deployed a new Splunk cluster containing a Cluster Manager, 3x SHC members, 6x Indexers. The cluster has h...

by Engager in

ClusterManager Peer connection failed

what does indicates 06-19-2025 11:09:33.046 +0000 ERROR AesGcm [65605 MainThread] - Text decryption - error in ...

by Observer in

How to integrate NextDNS with Splunk using NextDNS (Community App)

Hi Team, Could you help me integrating NextDNS (Community App) with Splunk. I have downloaded and configured the ap...

by Engager in

Access Finding/Investigation notes in ES 8

Hi there, we're currently migrating to ES 8 and need to see Work Notes (comments) provided by analysts in some dash...

by Explorer in

DMA - datamodel artifacts filling up the dispatch dir

As the default ES DMA schedule is every 5min, and the ACCELERATE_DM_Splunk_SA_CIM*ACCELERATE jobs TTL is 24h, our dis...

by Builder in

Asset and identity from multiple domains

Hello I have a search head configured with assets and identity from current ad domain. I have 5 more ad domains w...

by Engager in

Splunkcloud ES - Missing an additional field in a notable event

Hi Team, I have a notable event (Excessive Failed Logins on Multiple Targets) that I'm expecting to see the "dest" ...

by Explorer in

Failing to add Threat Intelligence Feed to Splunk Enterprise Security with custom HTTP Authorization Header

Hi I would like to add an additional Threat Intelligence Feed to the collection of the Intelligence Downloads in En...

by Engager in

Enterprise Security

Hi,We are using Splunk Enterprise on-premise.Now, I launched another one with a trial license and I would like to tes...

by Engager in

Splunk Snowflake Integration, but other was around

Context:We have SPlunk ES setup on-prem.We want to extract the required payloads through queries, generate scheduled ...

by Loves-to-Learn in

Veterans Program? Splunk Enterprise Security (ES)

Is there a Special Log In for Veterans Workforce Program? Am I currently signed in as a regular user? I signed u...

by New Member in

Help with Retrieving Bulk Incident Data via REST API and Customizing Webhook Notifications in Splunk

Hi everyone, I'm working on improving our incident response and monitoring setup using Splunk, and I have a few que...

by Engager in

Idenities auto lookup in Splunk enterprise security

Hello All, I have a question which I am not able to find an answer for. Hence looking for ideas, suggestions etc fr...

by Explorer in

Switching HEC from HTTP to HTTPS with Let’s Encrypt on Windows (On-Prem)

Environment: Splunk Enterprise 9.x (Windows, On-Prem)Domain: mydomain.duckdns.org (via DuckDNS)Certbot for Let’s En...

by Loves-to-Learn Lots in

Upgrade to ES8 - Investigations are not shown in MissionControl

Hi We upgraded our ES7 to ES8 onprem and are testing it. We currently have the issue, that the created invest...

by Engager in

Splunk Enterprise security & ESCU: Customization of ESCU and upgrades

hi folks, the scenario is like below - have Enterprise security (ESS) in Splunk cloud + ESCU (content updates) as p...

by Super Champion in

How to insert ESCU detections via REST API into Splunk ESS?

We have automation to insert /saved/searches endpoint and all is good. Also current have quite lot of custom Splunk...

by Super Champion in

Enterprise Security on SHC

I have installed ES on deployer as suggested by splunk docs, then transfered this app to /opt/splunk/etc/shcluster/ap...

by Communicator in

How do I open a support case when one of the required fields is not available to change?

Support Portal is broke and I am unable to submit a case due to one of the required fields being unable to select (se...

by Explorer in

Has anyone used finding-based detection on ES 8.0 (On-Prem)?

I am trying to create a new finding-based detection to group findings together when the risk score exceeds a threshol...

by Explorer in

Can Splunk read a CSV file and automatically upload it as a lookup?

Can Splunk read a CSV file located on a remote server using a forwarder and automatically upload it as a lookup?what ...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Anatomy of a Successful Migration with Pizza Hut

"All time" time range in notable drilldown search

Enterprise Security Correlation Searches are not updating the risk index

Reg to Download of ES

Finding based finding / Risk based alerting not working properly

Summarization searches not running on search head cluster

ClusterManager Peer connection failed

How to integrate NextDNS with Splunk using NextDNS (Community App)

Access Finding/Investigation notes in ES 8

DMA - datamodel artifacts filling up the dispatch dir

Asset and identity from multiple domains

Splunkcloud ES - Missing an additional field in a notable event

Failing to add Threat Intelligence Feed to Splunk Enterprise Security with custom HTTP Authorization Header

Enterprise Security

Splunk Snowflake Integration, but other was around

Veterans Program? Splunk Enterprise Security (ES)

Help with Retrieving Bulk Incident Data via REST API and Customizing Webhook Notifications in Splunk

Idenities auto lookup in Splunk enterprise security

Switching HEC from HTTP to HTTPS with Let’s Encrypt on Windows (On-Prem)

Upgrade to ES8 - Investigations are not shown in MissionControl

Splunk Enterprise security & ESCU: Customization of ESCU and upgrades

How to insert ESCU detections via REST API into Splunk ESS?

Enterprise Security on SHC

How do I open a support case when one of the required fields is not available to change?

Has anyone used finding-based detection on ES 8.0 (On-Prem)?

Can Splunk read a CSV file and automatically upload it as a lookup?

Splunk Answers Content Calendar, July Edition I

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Finding based finding / Risk based alerting not wo...

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions