Splunk Enterprise Security

Incident Review not showing the notable events.

Loves-to-Learn Lots

I have one correlation search which runs every 15 mins. I have events for the same in the index "notable", but the same notable events are not visible under the Incident Review tab. Any suggestion?

0 Karma

Re: Incident Review not showing the notable events.

SplunkTrust

Do you have the required permissions/capabilities (e.g. the ess_analyst role)? Are your admin or others on the team able to view the notable in the Incident Review screen?

https://docs.splunk.com/Documentation/ES/5.3.0/Install/ConfigureUsersRoles

0 Karma