ES: incident Review is not showing as expected

neelamsantosh · ‎04-13-2017

Our incident Review board has different view and not functioning as expected due to which we are unable to filter from the dropdown list

Chrome: up to date (Version 57.0.2987.133 (64-bit))
Splunk Enterprise : 6.5.2
Splunk ES: 4.1

neelamsantosh · ‎04-18-2017

I believe this is known issue SOLNESS-10915. Enterprise Security 4.1 is
not compatible with version 6.5.x of Splunk. It is recommended to upgrade
your Enterprise Security as the workaround for this issue.

http://docs.splunk.com/Documentation/ES/4.1.1/RN/KnownIssues

hardikJsheth · ‎04-14-2017

I agree with @smoir.

In case you are upgrading from earlier version of ES try to reload the IR page after clearing cache of your browser.

smoir_splunk · ‎04-13-2017

Hello @neelamsantosh,

Make sure you are using a compatible version of Splunk Enterprise with Splunk Enterprise Security.

Check this table for your version of Enterprise Security: http://docs.splunk.com/Documentation/ES/4.6.0/Install/DeploymentPlanning#Splunk_Enterprise_system_re...

Thanks,
Sarah

ES: incident Review is not showing as expected

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms