Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Unable to Enable Multiple Content Management Rules in Splunk Enterprise Security

amimulahasun
Explorer
‎03-10-2026 02:41 AM

Hi everyone,

I'm currently working with Splunk Enterprise Security and running into an issue when trying to enable multiple content management rules at once.

In the Content Management section (Security Content → Content Management), I select multiple detections/rules and attempt to enable them using Edit Selection → Turn On. However, the rules are not getting activated as expected.

Steps I followed:

  1. Navigated to Enterprise Security → Content Management.

  2. Selected multiple content items using the checkboxes.

  3. Clicked Edit Selection.

  4. Chose Turn On to activate the selected rules.

Issue:
The selected rules do not get enabled, or the action does not apply to all selected rules.

Environment Details:

  • Splunk Enterprise Security version: (add your version here)

  • Splunk Enterprise version: (add your version here)

  • Content type: Mostly Event-based detections / analytic stories

What I want to achieve:
I want to bulk enable multiple content management rules instead of enabling them one by one.

Questions:

  • Is there any limitation on bulk enabling rules in Content Management?

  • Are there any required permissions or configurations needed for this action?

  • Is there an alternative method (e.g., via search, API, or configuration) to enable multiple detections at once?

I've attached a screenshot for reference.

Screenshot 2026-03-10 153047.png

Any guidance or suggestions would be greatly appreciated.

Thanks!

Labels (2)
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎03-10-2026 09:42 AM

Hi @amimulahasun 

The top 3 are Analytic Stories and not searches so I dont think they have a 'turn on' option - If you untick these does it allow you to turn the others on?

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply

amimulahasun
Explorer
‎03-10-2026 11:33 PM

@livehybrid Also tried that but it didnot worked

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...