Splunk Enterprise Security

Discussions

Thread Info

Anatomy of a Successful Migration with Pizza Hut

by Splunk Employee in

Splunk Snowflake Integration, but other was around

Context:We have SPlunk ES setup on-prem.We want to extract the required payloads through queries, generate scheduled ...

by Loves-to-Learn in

Veterans Program? Splunk Enterprise Security (ES)

Is there a Special Log In for Veterans Workforce Program? Am I currently signed in as a regular user? I signed u...

by New Member in

Help with Retrieving Bulk Incident Data via REST API and Customizing Webhook Notifications in Splunk

Hi everyone, I'm working on improving our incident response and monitoring setup using Splunk, and I have a few que...

by Engager in

Idenities auto lookup in Splunk enterprise security

Hello All, I have a question which I am not able to find an answer for. Hence looking for ideas, suggestions etc fr...

by Explorer in

Switching HEC from HTTP to HTTPS with Let’s Encrypt on Windows (On-Prem)

Environment: Splunk Enterprise 9.x (Windows, On-Prem)Domain: mydomain.duckdns.org (via DuckDNS)Certbot for Let’s En...

by Loves-to-Learn in

Upgrade to ES8 - Investigations are not shown in MissionControl

Hi We upgraded our ES7 to ES8 onprem and are testing it. We currently have the issue, that the created invest...

by Engager in

Access Finding/Investigation notes in ES 8

Hi there, we're currently migrating to ES 8 and need to see Work Notes (comments) provided by analysts in some dash...

by Explorer in

Splunk Enterprise security & ESCU: Customization of ESCU and upgrades

hi folks, the scenario is like below - have Enterprise security (ESS) in Splunk cloud + ESCU (content updates) as p...

by Super Champion in

How to insert ESCU detections via REST API into Splunk ESS?

We have automation to insert /saved/searches endpoint and all is good. Also current have quite lot of custom Splunk...

by Super Champion in

Enterprise Security on SHC

I have installed ES on deployer as suggested by splunk docs, then transfered this app to /opt/splunk/etc/shcluster/ap...

by Communicator in

How do I open a support case when one of the required fields is not available to change?

Support Portal is broke and I am unable to submit a case due to one of the required fields being unable to select (se...

by Explorer in

Has anyone used finding-based detection on ES 8.0 (On-Prem)?

I am trying to create a new finding-based detection to group findings together when the risk score exceeds a threshol...

by Explorer in

Can Splunk read a CSV file and automatically upload it as a lookup?

Can Splunk read a CSV file located on a remote server using a forwarder and automatically upload it as a lookup?what ...

by Loves-to-Learn Lots in

Receiving blocked=true while syslog/heavy forwarder trying to send data through indexer servers

Hi All, I have 4 Heavy forwarder servers sending data through 5 indexers server1 acts as syslog server whi...

by Path Finder in

Hide specific notables from IR (Incident review) in ES

Hello, we would like to filter ES incident review and hide notables with TEST keyword by example, how to do? Thanks f...

by Motivator in

Unknown users reported in Authetication datamodel

We have an alert showing users that are authenticating after working hours for security reasons, I'm sure y'all famil...

by Observer in

Changing the severity level of a notable ARAs event of a correlation search

Hello, I've recently encountered a problem with the severity level within the ARAs, my current severity level for thi...

by Path Finder in

ES Content Updates for Critical Infrastructure

Good day. I work in a heavily regulated critical infrastructure environment. Our compliance change management require...

by Engager in

Change color table on treshold field

Hello, I'm having a problem with the colouring of a column in my table. I need to colour the AverageExecutionTime c...

by Path Finder in

Calculate MTTA for an analyst

Hello everyone, I need help with determining the time needed from an analyst to investigate the alert and clos...

by New Member in

ES v8.x on cloud Investigations API

All,We are investigating a move from v7 to v8. We currently rely heavily on the Investigation API however per the...

by Engager in

Splunk enterprise certified admin

Hi Folks, Can anyone suggest or help me out on how to get prep for Splunk administration certification course and w...

by Explorer in

Anatomy of a Successful Migration with Pizza Hut

by Splunk Employee in

Enterprise security app

Hello, I am currently working on configuring Splunk Enterprise Security app, I already have data flowing into Splun...

by Communicator in

host value to be picked from the source log file

in regex101.com, tested below REGEX it was working Updated below props.conf and transforms.conf in deployment serve...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Anatomy of a Successful Migration with Pizza Hut

Splunk Snowflake Integration, but other was around

Veterans Program? Splunk Enterprise Security (ES)

Help with Retrieving Bulk Incident Data via REST API and Customizing Webhook Notifications in Splunk

Idenities auto lookup in Splunk enterprise security

Switching HEC from HTTP to HTTPS with Let’s Encrypt on Windows (On-Prem)

Upgrade to ES8 - Investigations are not shown in MissionControl

Access Finding/Investigation notes in ES 8

Splunk Enterprise security & ESCU: Customization of ESCU and upgrades

How to insert ESCU detections via REST API into Splunk ESS?

Enterprise Security on SHC

How do I open a support case when one of the required fields is not available to change?

Has anyone used finding-based detection on ES 8.0 (On-Prem)?

Can Splunk read a CSV file and automatically upload it as a lookup?

Receiving blocked=true while syslog/heavy forwarder trying to send data through indexer servers

Hide specific notables from IR (Incident review) in ES

Unknown users reported in Authetication datamodel

Changing the severity level of a notable ARAs event of a correlation search

ES Content Updates for Critical Infrastructure

Change color table on treshold field

Calculate MTTA for an analyst

ES v8.x on cloud Investigations API

Splunk enterprise certified admin

Anatomy of a Successful Migration with Pizza Hut

Enterprise security app

host value to be picked from the source log file

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions