Alerting

Alert not loading- what does this mean?

So76
Explorer

I am new to splunk. So I got this message that is attached when I click a link

(|loadjob scheduler__hgt2_c3BsdW5rX2ludGVybmFsX21ldHJpY3M__RMD5c1adf444890fb9a1_at_1645171200_579 | head 1 | tail 1)

index=*** sourcetype=***:channel:threats* tag=malware threatInfo.analystVerdict=undefined threatInfo.incidentStatus=unresolved threatInfo.mitigationStatus=mitigated | table _time action dest user signature file_name version description

Saved Search [Detections Handled by SentinelOne]: number of events (1) 

 

I get the attached message.

Can anyone explain how to resolve this?

Labels (1)
0 Karma

SanjayReddy
SplunkTrust
SplunkTrust

hi  @So76 

1. Job that you are trying to access , is still available or expired ? you can check for expiry date from searches, reports and alerts, please find following example screenshot
SanjayReddy_0-1645593835076.png

2. do you have required access to view the data for that report/alert , did you able to view it under search reports alerts?


3. alternately you can directly  access search results of report/alert by  going to search reports alerts

SanjayReddy_4-1645594212629.png
searching the for required alert/report name  and click view recent 

SanjayReddy_2-1645594009922.png

and click on name to view the result

SanjayReddy_0-1645593835076.png

0 Karma

tshah-splunk
Splunk Employee
Splunk Employee

Hey @So76,

You can open the Job inspector and see what exactly is the error and why is the scheduled search results not loading. Open the search.log from the Job Inspector page and search for the "ERROR" keyword. You will be able to identify the reason for not displaying the results.

---
If you find the answer helpful, an upvote/karma is appreciated

So76
Explorer

Was helpful, will escalate with splunk support to fix it

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...