Splunk Enterprise Security

Discussions

Thread Info

Anatomy of a Successful Migration with Pizza Hut

by Splunk Employee in

SPL to output Time To Resolution for Incidents by Urgency

So, I have been struggling with this for a few days. I have thrown it against generative AI and not getting exactly w...

by Path Finder in

Palo Alto and Checkpoint Event based detections

Hello, I see there are lots of Cisco event based detections and not many palo alto or checkpoint (fw, ids/ips, ...

by Engager in

"All time" time range in notable drilldown search

Hello fellow ES 8.X enjoyer. We have a few Splunk Cloud customer that got upgrade to ES 8.1. We have noticed that a...

by Explorer in

Exam: Splunk Enterprise Security Admin (SPLK-3001)

Hello Splunker, I hope you all are doing well. I prepare to take the SPLK-3001 Exam, and I want to know the ...

by Path Finder in

Add-ons for microsoft products

I would appreciate help from anyone who has encountered a similar problem: We are using Microsoft's E5 licensing w...

by Explorer in

Splunk not taking updated certificate server.pem

We noticed this morning that all the certificates for our Splunk servers are expired since a week (discovered whilst ...

by Explorer in

ClusterManager Peer connection failed

what does indicates 06-19-2025 11:09:33.046 +0000 ERROR AesGcm [65605 MainThread] - Text decryption - error in ...

by Loves-to-Learn in

Access Finding/Investigation notes in ES 8

Hi there, we're currently migrating to ES 8 and need to see Work Notes (comments) provided by analysts in some dash...

by Explorer in

Error saving event-based detection. Missing detection_id for the detection=

Unable to update and save detections after upgrading to Splunk ES version 8.1.0. It says Detection ID is missing. ...

by Engager in

Cannot add column to Analyst Queue in Enterprise Security 8.1

Hello, I have problem with Analyst queue: I am not able to add column to Analyst Queue in GUI. When I do this (us...

by Path Finder in

Correlation Search: Next Step: Ping - NSLOOKUP - Risk Analysis

Hi,I tried to use the Next Step of the correlation search: Ping - NSLOOKUP - Risk AnalysisI was lucky to find the res...

by Path Finder in

Enterprise Security Correlation Searches are not updating the risk index

We recently updated from Enterprise Security 7.3.2 to 8.0.4 Correlation searches are not updating the risk ind...

by Engager in

Reg to Download of ES

I'm having Developer License but I'm unable to download the ES.Can any one help me in this.?

by New Member in

Finding based finding / Risk based alerting not working properly

Hi there, In Mission Control in our properly working Splunk environment, we see the following: This is exa...

by Loves-to-Learn Lots in

Summarization searches not running on search head cluster

Hello We deployed a new Splunk cluster containing a Cluster Manager, 3x SHC members, 6x Indexers. The cluster has h...

by Engager in

How to integrate NextDNS with Splunk using NextDNS (Community App)

Hi Team, Could you help me integrating NextDNS (Community App) with Splunk. I have downloaded and configured the ap...

by Engager in

DMA - datamodel artifacts filling up the dispatch dir

As the default ES DMA schedule is every 5min, and the ACCELERATE_DM_Splunk_SA_CIM*ACCELERATE jobs TTL is 24h, our dis...

by Builder in

Asset and identity from multiple domains

Hello I have a search head configured with assets and identity from current ad domain. I have 5 more ad domains w...

by Explorer in

Splunkcloud ES - Missing an additional field in a notable event

Hi Team, I have a notable event (Excessive Failed Logins on Multiple Targets) that I'm expecting to see the "dest" ...

by Explorer in

Failing to add Threat Intelligence Feed to Splunk Enterprise Security with custom HTTP Authorization Header

Hi I would like to add an additional Threat Intelligence Feed to the collection of the Intelligence Downloads in En...

by Engager in

Enterprise Security

Hi,We are using Splunk Enterprise on-premise.Now, I launched another one with a trial license and I would like to tes...

by Engager in

Splunk Snowflake Integration, but other was around

Context:We have SPlunk ES setup on-prem.We want to extract the required payloads through queries, generate scheduled ...

by Loves-to-Learn in

Veterans Program? Splunk Enterprise Security (ES)

Is there a Special Log In for Veterans Workforce Program? Am I currently signed in as a regular user? I signed u...

by New Member in

Help with Retrieving Bulk Incident Data via REST API and Customizing Webhook Notifications in Splunk

Hi everyone, I'm working on improving our incident response and monitoring setup using Splunk, and I have a few que...

by Engager in

Idenities auto lookup in Splunk enterprise security

Hello All, I have a question which I am not able to find an answer for. Hence looking for ideas, suggestions etc fr...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Anatomy of a Successful Migration with Pizza Hut

SPL to output Time To Resolution for Incidents by Urgency

Palo Alto and Checkpoint Event based detections

"All time" time range in notable drilldown search

Exam: Splunk Enterprise Security Admin (SPLK-3001)

Add-ons for microsoft products

Splunk not taking updated certificate server.pem

ClusterManager Peer connection failed

Access Finding/Investigation notes in ES 8

Error saving event-based detection. Missing detection_id for the detection=

Cannot add column to Analyst Queue in Enterprise Security 8.1

Correlation Search: Next Step: Ping - NSLOOKUP - Risk Analysis

Enterprise Security Correlation Searches are not updating the risk index

Reg to Download of ES

Finding based finding / Risk based alerting not working properly

Summarization searches not running on search head cluster

How to integrate NextDNS with Splunk using NextDNS (Community App)

DMA - datamodel artifacts filling up the dispatch dir

Asset and identity from multiple domains

Splunkcloud ES - Missing an additional field in a notable event

Failing to add Threat Intelligence Feed to Splunk Enterprise Security with custom HTTP Authorization Header

Enterprise Security

Splunk Snowflake Integration, but other was around

Veterans Program? Splunk Enterprise Security (ES)

Help with Retrieving Bulk Incident Data via REST API and Customizing Webhook Notifications in Splunk

Idenities auto lookup in Splunk enterprise security

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Splunk Developers: Go Beyond the Dashboard with These .Conf25 Sessions

Index This | How do you write 23 only using the number 2?

Correlation Search: Next Step: Ping - NSLOOKUP - R...

Finding based finding / Risk based alerting not wo...

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions