Splunk Enterprise Security

Splunk for Enterprise Security: Why loading the debug/refresh endpoint causes correlation searches to stop producing notable events?


Any time I load the debug/refresh endpoint, correlation searches stop running. Or, at least, they stop producing notable events. Is this expected behavior and if not, what's going on?

Splunk Enterprise 6.2.2, Splunk App for Enterprise Security 3.2.

0 Karma


I don't know what is going on, but I see the same behavior on 6.1.6 and 3.1.1.

Restarting Splunk on the ESS box fixes the glitch for me.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!