Solved: After upgrading Splunk Enterprise Security from 3....

silasbarnesva · ‎01-03-2016

Hi all,

Just upgraded Enterprise Security 3.0.1 to 4.0.1, all went well with the exception of one outstanding item. The Notable Events by Urgency dashboard listed under Security Posture remains unpopulated, listing No results found.

I know there are notable events there, as the remaining dashboards populate, and all events are listed under the Incident Review section.

Any suggestions as to where I should be looking to get this dashboard repopulated? I can't imagine it's a wait-to-fix scenario due to the upgrade as all the notable events are already there (and continuing to be created). Any tips much appreciated.

Thanks,

SB

silasbarnesva · ‎01-14-2016

Update: It seems as though our Splunk ES setup was not in a great working state, so we simply performed a fresh install of Enterprise followed by the latest ES and all is well.

This can be closed now.

View solution in original post

silasbarnesva · ‎01-14-2016

Update: It seems as though our Splunk ES setup was not in a great working state, so we simply performed a fresh install of Enterprise followed by the latest ES and all is well.

This can be closed now.

After upgrading Splunk Enterprise Security from 3.0.1 to 4.0.1, why does the "Notable Events by Urgency" dashboard display "No results found"?

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...