Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Import Splunk Enterprise Security and ESCU use cases into Splunk Security Essentials

Is it possible to import Splunk Enterprise Security and ESCU use cases into Splunk Security Essentials? I want to...

by Path Finder in

Update SPLUNK_SA_CIM version

Hi All, I would like to know about the process to update the CIM. I am currently getting the following errors: ...

by Engager in

How do you correlate data from multiple indexes?

I have 2 indexes that have 2 different parts of same data. One index contains http connection details and another con...

by Explorer in

Splunk Enterprise Security: Streaming XML data tag "error"

Hi all, I am new to Splunk and am still trying to figure out everything one step at a time. I have an issue where ...

by New Member in

Correlation Rule: Unauthorized DNS Server Exceptions

Hi, I'm looking at enabling the 'DNS Query Requests Resolved by Unauthorized DNS Servers' rule in Splunk ES - Unfo...

by Explorer in

Splunk Resilient - closing Splunk events

We have our Splunk - Resilient integration mostly working and wanted to add a script in Resilient to update the statu...

by New Member in

Translation of Splunk queries from Plain English to SPL

Hi All, Can we translate our plain English queries to Search Processing Language i.e. SPL, does Splunk provide any...

by Path Finder in

How do I combine tstats and InputLookup in an ES Correlation Rule

I'm looking to add an input lookup to a tstats Datamodel correlation search within Splunk Enterprise Security to tune...

by Explorer in

Getting special character in start of raw message "<86>May 19 14:42:03 xxxxxx ..."

We are getting speacial characters in splunk raw message which is impacting downstream parsing. Can you suggest ways ...

by New Member in

Inputlookup Not matching Data

Hi, I'm trying to make a whitelist for encoded commands which IT Support use and I'm having a problem getting an i...

by Explorer in

How can i set unique hostname on Splunk Windows Forwarder?

Hi Guys, Need help on this... Currently, we have ongoing integration of Splunk forwarder to Deployment Server the ...

by Explorer in

Asset Lookup in Malware Datamodel

We are using ES with a datamodel that has the base constraint: (`cim_Malware_indexes`) tag=malware tag=attack...

by Communicator in

Hi All, I need to collect logs from windows servers in the environment. We have Splunk ES on cloud. What are the options available

We need to decide on the best and easy option to collect all kinds of windows event logs

by Engager in

Creating a simple dashboard on ticket closed count

I have been playing around with creating dashboards and wanted to create one that can count how many tickets have bee...

by New Member in

How to post a csv from a outputlookup to a url

I'm trying to post a csv file that I've generated from a outputlookup to a url. For example http://splunk.test.test2....

by Engager in

Excessive DNS Queries exclude by tag

Hi, I tried to find out how to exclude tags from tstats search. My search is: | tstats summariesonly=true allow_o...

by New Member in

Why does ESS "Incident Review Settings" hangs on "Loading"?

When trying to access Incident Review Settings it just sit there on "Loading". Is there any fix for this? I Have Splu...

by Explorer in

Why is ESS "My Investigations" is not Loading.

When I go to ESS "My Investigations" Section it hangs on Loading. We are at Splunk Enterprise v7.2.3 and Splunk Enter...

by Explorer in

How to output a single result when matching multiple results within a lookup table.

I have an application file imported to be used as a lookup table in order to set the priority on servers within Asset...

by Path Finder in

Monitoring Account Creation in Windows with High Privileges

over ES , any way to monitor windows account assigned with high privilege. I only know of EventID 4672 . What all oth...

by New Member in

Is there an Audit log that tracks changes to content in Splunk Enterprise Security?

We have multiple people making changes to the content in Splunk Enterprise Security and I need to be able to track do...

by Path Finder in

Help me in creating a index.conf for new index.

I am having trouble in creating an index.conf, what could be the issue here I not getting it. check attachment, pleas...

by Path Finder in

trigger correlation rule for past event occurance

there was one event occured yesterday and we have one correlation rules against that. unfortunatley it was not trigge...

by Communicator in

Asset investigator

Dear Experts, I want to achieve below: 1- I want that when I put hostname/server name in asset investigator it ...

by Communicator in

Creating Assets csv file correlating logs from dhcp and Cisco ISE

We are creating assets inventory using different logs in Splunk. For this purpose, we first created list of “nt_host”...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Import Splunk Enterprise Security and ESCU use cases into Splunk Security Essentials

Update SPLUNK_SA_CIM version

How do you correlate data from multiple indexes?

Splunk Enterprise Security: Streaming XML data tag "error"

Correlation Rule: Unauthorized DNS Server Exceptions

Splunk Resilient - closing Splunk events

Translation of Splunk queries from Plain English to SPL

How do I combine tstats and InputLookup in an ES Correlation Rule

Getting special character in start of raw message "<86>May 19 14:42:03 xxxxxx ..."

Inputlookup Not matching Data

How can i set unique hostname on Splunk Windows Forwarder?

Asset Lookup in Malware Datamodel

Hi All, I need to collect logs from windows servers in the environment. We have Splunk ES on cloud. What are the options available

Creating a simple dashboard on ticket closed count

How to post a csv from a outputlookup to a url

Excessive DNS Queries exclude by tag

Why does ESS "Incident Review Settings" hangs on "Loading"?

Why is ESS "My Investigations" is not Loading.

How to output a single result when matching multiple results within a lookup table.

Monitoring Account Creation in Windows with High Privileges

Is there an Audit log that tracks changes to content in Splunk Enterprise Security?

Help me in creating a index.conf for new index.

trigger correlation rule for past event occurance

Asset investigator

Creating Assets csv file correlating logs from dhcp and Cisco ISE

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions