Why can't I see any items in Adaptive Response Act...

jhy · ‎06-13-2023

Hi Splunker,

When creating or editing a new Correlation Search, the items of "Adaptive Response Actions" do not appear and the following error occurs.
The peculiarity only occurs when connecting from a macbook, and works normally when connecting from Windows.

The current environment is Splunk 9.0.5 + ES 7.1.1, but this has occurred since ES 7.x, a year ago.

Thanks

meetmshah · ‎07-04-2023

This has been answered in https://community.splunk.com/t5/Splunk-Enterprise-Security/Notable-info-could-not-be-obtained-uniden...

The issue was related to KV store, while troubleshooting we found that the KV store status of starting hence we checked whether the cluster members are able to communicate to each other on KV port. Enabling the KV store port between all the cluster member resolved the issue.

jhy · ‎07-04-2023

Thanks for your answer.

I also saw the link you sent before, but in my case it is not a search head cluster environment.
My problem is that when I connect from the windows client, it works normally, but when I connect from the macbook, a problem occurs.
Of course kvstore is working normally.

Why can't I see any items in Adaptive Response Actions and error "Notable Info could not be obtained: : undefined"?

administration

correlation search

notable event

troubleshooting

using Enterprise Security

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?