Splunk Enterprise Security

Not creating notable event in incident review

vin02
Path Finder

i have created one correlation search and updated the details for the notable event. But my correlation search is not generating the notable event in incident review.
While i am running the correlation query in the search head,it is generating the result.
what are the changes needs to do to get the notable event in the incident review?

neelamsantosh
Path Finder

reload the datamodel.

0 Karma

vin02
Path Finder

How to reload the datamodel without re-starting splunk?

0 Karma

neelamsantosh
Path Finder

Go to
Setting--> data models
select the respective accelerated datamodel and under the dropdown u will find the Acceleration with (Rebuild)

0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...