Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Notable events missing from incident review

itzikshviro
Explorer
‎10-08-2018 11:07 PM

Hi guys,
I have an issue with splunk ES, any help would be much appreciated.
The symptoms - some correlation searches (under content management) does not translate to incidents (under incident review).
When i search for the manuali for the events they appear fine.
When i search for the events under index=notable, they also appear. the action that creates notable events is working.
So why is the system doesn't generate incidents for some correlation searches?

Thanks in advance,
Itzik

0 Karma
Reply

jeremycarternfc
Engager
‎10-31-2018 04:23 AM

I am having this exact same issue. I'm just now starting to investigate but may end up making a support request for it. We're running 7.0.5 and ES 5.0.1.

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...