Hello all!
I'm having trouble with Enterprise Security => Incident Review page.
all time "Search is waiting for input..."
Urgency is empty, grafic is empty.
but at Security Posture page i have events.
Has anyone had this problem in past?
how can i troubleshoot it?
Ok, figure out the "problem" for us at least. Splunk ES 4.7.2 is not compatible with Splunk 7.2.1. We roll back to Splunk 6.6, and this error message disappeared.
Why not upgrade Splunk ES instead? There are new features which makes it worthwhile.
I have the same problem, running Splunk 7.2.1 and Splunk ES 4.7.2. Anyone knows how to fix it please?
Have you managed to solve it? The same thing happens to me with the PCI app, I have identified errors within the _internal logs with the search "index = _internal sourcetype = splunk_web_service component = error" apparently it is a js theme
In my case it looks for a js that does not find InvestigationBarViewWrapper.js in / etc / apps / SplunkEnterpriseSecuritySuite / appserver / static / but I can not find it if it is generated dynamically.
509 INFO [5ba2e020817f21c03fa2d0] error:311 - Masking the original 404 message: 'The path '/en-US/static/@a0c72a66db66/app/SplunkEnterpriseSecuritySuite/InvestigationBarViewWrapper.js' was not found.' with 'Page not found!' for security reasons
But I can not solve it 😞 Do you have any new status?
Hi @virchenko. Thanks for your question! Did the answer below solve your question? If yes, please click “Accept” directly below the answer to resolve the post. If not, please comment with more information if you are still having issues.
Hi @virchenko,
You need to provide Correlation Search Name
and you need to provide timeframe as well instead of "All Time".
If you want to check Notable Events from Security Posture page in Incident Review then just click on Correlation Search Name under "Top Notable Events" which will drilldown (redirect) you to Incident Review page.
Hi @virchenko,
You need to provide Correlation Search Name
and you need to provide timeframe as well instead of "All Time".
If you want to check Notable Events from Security Posture page in Incident Review then just click on Correlation Search Name under "Top Notable Events" which will drilldown (redirect) you to Incident Review page.
thanks for answer
it'll work, when it page is work correct.
i haven't ane reaction of changing Correlation Search Name or other filters.