Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Notable Event Status Inconsistency Between List View and Detail View in Mission Control

torgynnurlankul
New Member
a week ago

I'm experiencing a status synchronization issue in Splunk Enterprise Security 8.3.2 where the notable event status displays differently between the incident list and the detailed event view.

Issue Details:

  • In the Incident Review list, the event shows status as "New"
  • When navigating to the details of the same event, the status displays as "In Progress"
  • This creates confusion regarding the actual current status of the event
    {5A2BBCFA-3678-4809-9CB6-A96D3A5B1BAB}.png
Labels (1)
Labels
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
a week ago

Hi @torgynnurlankul 

Had the status changed between loading the Mission Control Analyst Queue screen and clicking on the specific Finding? As far as I understand, the content of the queue/table does not auto-reload when changes are made-  however opening the detail for a finding would load the latest information for it.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply

torgynnurlankul
New Member
a week ago

Thank you for the response. However, this doesn't appear to be a timing/refresh issue in our case.

Additional Details:

  • This inconsistency is affecting approximately 10 notable events simultaneously
  • The status mismatch persists even after manually refreshing the Incident Review page
  • All affected events consistently show "New" in the list view but "In Progress" when accessing the detail view
  • This behavior is reproducible and consistent across multiple page refreshes and different user sessions
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...