Splunk Enterprise Security

Splunk Enterprise Security: How to troubleshoot why Incident Review hangs on "loading"?

arunkuriakose
Explorer

Hi Team

My Splunk Enterprise Security Incident Review is not loading...It just shows "loading" for a long time. I created a notable event and also tried copying the same code to create a separate incident review button, but no luck...please help

Thanks in advance

0 Karma

arandriamanohis
Engager

Not sure if this has been resolved, but I encountered the same issue. It turns out it's the contents of the data folder in SA-ThreatIntelligence/local , likely from customizations that we've done. The incident_review.xml file in data/ui/views is completely different between the version I was coming from (4.1.x) and the one I'm upgrading to (4.7.x)

TL;DR check SA-ThreatIntelligence/local/data/ and move it somewhere, restart Splunk and check if it works. If it does, you'll have to restore the customizations you made in the first place.

LukeMurphey
Champion

Can you try looking into your browser console for errors?

0 Karma

arunkuriakose
Explorer

Can you guide me on checking that?

0 Karma

niemesrw
Path Finder

Hi arunkuriakose - I'd recommend you use chrome and start the 'developer tools' to see if there are any errors. Incident review is most likely some javascript and perhaps your browser is blocking the code for some reason.

You might also try clearing everything in your browser and trying a different browser to see if the same thing applies to different situations - I've seen weirdness before with chrome and safari exhibiting different behavior. Also try incognito mode and see if that does something different.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...