Splunk Enterprise Security
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Notable events missing from incident review

itzikshviro
Explorer
‎10-08-2018 11:07 PM

Hi guys,
I have an issue with splunk ES, any help would be much appreciated.
The symptoms - some correlation searches (under content management) does not translate to incidents (under incident review).
When i search for the manuali for the events they appear fine.
When i search for the events under index=notable, they also appear. the action that creates notable events is working.
So why is the system doesn't generate incidents for some correlation searches?

Thanks in advance,
Itzik

0 Karma
Reply

jeremycarternfc
Engager
‎10-31-2018 04:23 AM

I am having this exact same issue. I'm just now starting to investigate but may end up making a support request for it. We're running 7.0.5 and ES 5.0.1.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...
Top