Re: Splunk Enterprise Security: How to troubleshoo...

arunkuriakose · ‎08-18-2016

Hi Team

My Splunk Enterprise Security Incident Review is not loading...It just shows "loading" for a long time. I created a notable event and also tried copying the same code to create a separate incident review button, but no luck...please help

Thanks in advance

arandriamanohis · ‎01-11-2018

Not sure if this has been resolved, but I encountered the same issue. It turns out it's the contents of the data folder in SA-ThreatIntelligence/local , likely from customizations that we've done. The incident_review.xml file in data/ui/views is completely different between the version I was coming from (4.1.x) and the one I'm upgrading to (4.7.x)

TL;DR check SA-ThreatIntelligence/local/data/ and move it somewhere, restart Splunk and check if it works. If it does, you'll have to restore the customizations you made in the first place.

LukeMurphey · ‎08-26-2016

Can you try looking into your browser console for errors?

arunkuriakose · ‎08-27-2016

Can you guide me on checking that?

niemesrw · ‎08-28-2016

Hi arunkuriakose - I'd recommend you use chrome and start the 'developer tools' to see if there are any errors. Incident review is most likely some javascript and perhaps your browser is blocking the code for some reason.

You might also try clearing everything in your browser and trying a different browser to see if the same thing applies to different situations - I've seen weirdness before with chrome and safari exhibiting different behavior. Also try incognito mode and see if that does something different.

Splunk Enterprise Security: How to troubleshoot why Incident Review hangs on "loading"?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life