Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Enterprise security Filters

Nawab
Path Finder
‎02-13-2024 10:57 PM

I have installed the latest splunk with Splunk enterprise security on it.

I have worked with enterprise security before, and there were some filters available to filter incidents, now in this version 7.3.0 there are no filters, 

 

Is there anything wrong I am doing?

Nawab_0-1707893721812.pngNawab_1-1707893820624.png

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bharathkumarnec
Contributor
‎02-29-2024 04:46 AM

@Nawab , Please try below : https://docs.splunk.com/Documentation/ES/7.3.0/Admin/CustomizeIR

In the Splunk Enterprise Security app, select Configure.

Select General and then select General Settings.

Go to Enhanced Incident Review workflow panel.

Select Turn off.

View solution in original post

Reply
Solved! Jump to solution
Solution

bharathkumarnec
Contributor
‎02-29-2024 04:46 AM

@Nawab , Please try below : https://docs.splunk.com/Documentation/ES/7.3.0/Admin/CustomizeIR

In the Splunk Enterprise Security app, select Configure.

Select General and then select General Settings.

Go to Enhanced Incident Review workflow panel.

Select Turn off.

Reply
Solved! Jump to solution

splunkreal
Motivator
‎03-02-2024 06:19 AM

Hello, thanks for solution, so "enhanced" view removes those useful filters, strange...

* If this helps, please upvote or accept solution 🙂 *
0 Karma
Reply
Solved! Jump to solution

bharathkumarnec
Contributor
‎03-02-2024 09:43 AM

@splunkreal , the filters are still there but at each individual column level, you can use those to apply filters.

0 Karma
Reply
Solved! Jump to solution

Nawab
Path Finder
‎02-29-2024 04:52 AM

this works fro me

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-29-2024 05:17 AM

Hi @Nawab ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma
Reply
Solved! Jump to solution

Nawab
Path Finder
‎02-13-2024 11:39 PM

Yes, i am talking about the incident review dashboard of version 7.3.0, and I tried clicking it multiple times, still same. Also opened a case with splunk support

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 11:43 PM

Hi @Nawab,

I have only 7.2 version, but this issue is really strange because I don't think that Splunk remoived filters from this dashboard.

I suppose that the Splunk Support should help you.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

Nawab
Path Finder
‎02-13-2024 11:19 PM

yes the dashboard of enterprise security and its filters

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 11:25 PM

Hi @Nawab,

in Enterprise Security there are many dashboards:

the filters you shared seem to be the ones in the Incident Review dashboard.

Did you tried to click two times the Hide Filters button?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

Nawab
Path Finder
‎02-13-2024 10:59 PM

Nawab_0-1707893937398.png

These are options i want

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 11:18 PM

Hi @Nawab,

which dashboard are you speaking of?

in the Incident Review dashboard, the filters are the ones you shared.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...