Splunk Enterprise Security

Help with ESS Incident Review "There was an error fetching related investigations"


Having issues with fetching investigations in incident review.

Investigation is added for the alert but when accessing the alert I get the error "There was an error fetching related investigations" under related investigations.

My assumption is that it is a permissions issue since admins are able to view it with no problems.

However it appears that all the permissions that are needed are in place.

Any help is greatly appreciated.

Follow up question - Is there a way to auto add notables to investigations that share the same artifacts?

0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...