I have installed the latest splunk with Splunk enterprise security on it.
I have worked with enterprise security before, and there were some filters available to filter incidents, now in this version 7.3.0 there are no filters,
Is there anything wrong I am doing?
@Nawab , Please try below : https://docs.splunk.com/Documentation/ES/7.3.0/Admin/CustomizeIR
In the Splunk Enterprise Security app, select Configure.
Select General and then select General Settings.
Go to Enhanced Incident Review workflow panel.
Select Turn off.
@Nawab , Please try below : https://docs.splunk.com/Documentation/ES/7.3.0/Admin/CustomizeIR
In the Splunk Enterprise Security app, select Configure.
Select General and then select General Settings.
Go to Enhanced Incident Review workflow panel.
Select Turn off.
Hello, thanks for solution, so "enhanced" view removes those useful filters, strange...
@splunkreal , the filters are still there but at each individual column level, you can use those to apply filters.
this works fro me
Hi @Nawab ,
good for you, see next time!
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated by all the contributors 😉
Yes, i am talking about the incident review dashboard of version 7.3.0, and I tried clicking it multiple times, still same. Also opened a case with splunk support
Hi @Nawab,
I have only 7.2 version, but this issue is really strange because I don't think that Splunk remoived filters from this dashboard.
I suppose that the Splunk Support should help you.
Ciao.
Giuseppe
yes the dashboard of enterprise security and its filters
Hi @Nawab,
in Enterprise Security there are many dashboards:
the filters you shared seem to be the ones in the Incident Review dashboard.
Did you tried to click two times the Hide Filters button?
Ciao.
Giuseppe
These are options i want
Hi @Nawab,
which dashboard are you speaking of?
in the Incident Review dashboard, the filters are the ones you shared.
Ciao.
Giuseppe