- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I have Splunk enterprise security version 6.5.3.1 and am trying to create a dashboard for Risk Analysis. When I click on the Risk Analysis tab, I am not able to see any dashboards and also nothing is showing in the Incident Review tab.
I am getting the following error: "The search for datamodel 'Risk' failed to parse, cannot get indexes to search"
Can you please help me figure out why I am getting this error?
Thanks,
Sahil
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

It sounds like it either the 'risk' index isn't there or there is no data in the 'risk' index, or there is a permissions issue.
So, I would look at two things to start with.
- Is there a 'Risk' index, and does it have data? You can also run a search against the 'risk' index.
- Go to the Risk Analysis Data Model and hit the drop down for edit, and select 'edit permissions'. I believe it should be set by default to Display for 'All Apps', Everyone = Read, Admin = Write
Hope this helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is version issue splunk enterprise security, Now we are planning to install new version of security App
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

It sounds like it either the 'risk' index isn't there or there is no data in the 'risk' index, or there is a permissions issue.
So, I would look at two things to start with.
- Is there a 'Risk' index, and does it have data? You can also run a search against the 'risk' index.
- Go to the Risk Analysis Data Model and hit the drop down for edit, and select 'edit permissions'. I believe it should be set by default to Display for 'All Apps', Everyone = Read, Admin = Write
Hope this helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any Update Please Confirm
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

No version bug that I am aware of.
Let me ask a clarifying question.
Are you unable to see the dashboard, or is not finding any results?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is not finding any result when I go to Risk analysis TAB Because eventtypes with macros don’t work”.
Do we need to change anything in configuration file or What action we need to perform?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

Are you still getting the original error of 'The search for datamodel 'Risk' failed to parse, cannot get indexes to search' ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes I am getting same error, Its version issue I guess , I asked concered team to install new enterprise security app
Any thoughts ?
Thanks,
Sahil
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is version issue splunk enterprise security, Now we are planning to install new version of security App
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Joebiesi,
I changed the permissions and run risk index and they have data but still it not works.
Is there any issue Version Bug in the version ?
