Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

No Notables created but correlation searches are working manually

saurabhsumangat
New Member
‎04-25-2019 06:21 AM

till few afters before all my notables were working properly.
I made changes in XML file of default.xml on navigation menus using user interface on splunk.
After that i restarted the splunk but was unable to get back the splunk and got the error:

Read Timeout

after few hours without doing anything as such i could get back on SPLUNK
But i stopped getting any notables created.
Now my notables are 0 and earlier it used to be more than 95notables per hour

Please help me out with the troublehsooting

0 Karma
Reply

smoir_splunk
Splunk Employee
Splunk Employee
‎04-25-2019 09:39 AM

I suggest contacting support. It sounds like there is something else going on here. Are you sure you only changed the default.xml navigation file?

0 Karma
Reply

saurabhsumangat
New Member
‎04-25-2019 11:44 PM

yes , i changed only default.xml through SPLUNK interface

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...