Splunk Enterprise Security

Data Inventory Introspection not completing in 3.0.0


We have upgraded the app to 3.0.0, but now we cant get the Data Inventory Introspection to complete.

In the previous version under the beta tab, there was an additional button to the right of the "play\pause" button. You were also able to expand the status window and manually correct individual searches.

The result is that we cant use the MITRE ATT&CK framework view any more. Nothing is being shown as active content.


I also had problems with the Data inventory after an update.
I found that the Data in my kv store lookup "data_inventory_products_lookup" was likely outdated from a previous version.
The Addon ships with newer data in SSE-default-data-inventory-products.csv but on update was not loaded into the KV store.

So my issue was fixed by:

| inputlookup SSE-default-data-inventory-products.csv
| outputlookup data_inventory_products_lookup
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...