Splunk Enterprise security Filters

Nawab
Communicator

I have installed the latest Splunk with Splunk Enterprise Security on it.

I have worked with Enterprise Security before, and there were some filters available to filter incidents. Now in this version 7.3.0 there are no filters.

Is there anything I am doing wrong?

[Screenshots: Nawab_0-1707893721812.png, Nawab_1-1707893820624.png]

0 Karma
1 Solution

bharathkumarnec
Contributor

@Nawab, please try the steps below: https://docs.splunk.com/Documentation/ES/7.3.0/Admin/CustomizeIR

In the Splunk Enterprise Security app, select Configure.

Select General and then select General Settings.

Go to Enhanced Incident Review workflow panel.

Select Turn off.

splunkreal
Influencer

Hello, thanks for the solution, so the "enhanced" view removes those useful filters, strange...

* If this helps, please upvote or accept solution if it solved *
0 Karma

bharathkumarnec
Contributor

@splunkreal, the filters are still there but at each individual column level; you can use those to apply filters.

0 Karma

Nawab
Communicator

This works for me.

gcusello
SplunkTrust

Hi @Nawab ,

Good for you, see you next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma

Nawab
Communicator

Yes, I am talking about the Incident Review dashboard of version 7.3.0, and I tried clicking it multiple times; it is still the same. I also opened a case with Splunk Support.

0 Karma

gcusello
SplunkTrust

Hi @Nawab,

I only have version 7.2, but this issue is really strange because I don't think that Splunk removed filters from this dashboard.

I suppose that the Splunk Support should help you.

Ciao.

Giuseppe

0 Karma

Nawab
Communicator

Yes, the dashboard of Enterprise Security and its filters.

0 Karma

gcusello
SplunkTrust

Hi @Nawab,

in Enterprise Security there are many dashboards:

the filters you shared seem to be the ones in the Incident Review dashboard.

Did you try clicking the Hide Filters button two times?

Ciao.

Giuseppe

0 Karma

Nawab
Communicator

[Screenshot: Nawab_0-1707893937398.png]

These are the options I want.

0 Karma

gcusello
SplunkTrust

Hi @Nawab,

which dashboard are you speaking of?

in the Incident Review dashboard, the filters are the ones you shared.

Ciao.

Giuseppe

0 Karma