Splunk Enterprise Security

Why is there an increase in security notables event count?

umesh
Path Finder

Hi Team,


I have created a notable in Splunk ES. I received a notable, analyzed it, and could see 130 events in the raw logs. But after some time, if I analyze the same notable, I can see that there is an increase in the count of events. Can I know what the issue is regarding the increase in the event count?

Thanks & Regards,

Umesh


umesh
Path Finder

@gcusello can you please help with this. When I click on the contributing events in the notable alert it shows a count of 59 events, and after some time when I analyze the same notable's contributing events link the event count has increased. Please explain the reason why this is happening.


gcusello
SplunkTrust

Hi @umesh,

It should be analyzed in your installation, but it is probably because the search has latest=now, so in the meantime other events arrived.

Ciao.

Giuseppe

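As an added illustration of the mechanism Giuseppe describes (this is not code from the post or from Splunk ES): a drilldown whose window ends at latest=now keeps admitting events that arrive after the notable fired, whereas a window pinned to the notable's own time range stays stable, except for events that are indexed late. The trigger time, lookback and event list below are constructed for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed sample data. Each event is (_time, _indextime): when it
# happened and when the indexer actually made it searchable.
TRIGGER = datetime(2024, 1, 1, 12, 0)        # hypothetical time the notable fired
LOOKBACK = timedelta(hours=1)                # hypothetical correlation-search window
HALF_HOUR_LATER = TRIGGER + timedelta(minutes=30)  # analyst re-opens the notable


def _ev(t_offset_min, index_delay_min=0):
    t = TRIGGER + timedelta(minutes=t_offset_min)
    return (t, t + timedelta(minutes=index_delay_min))


# 59 events in the hour before the trigger, indexed promptly.
EVENTS = [_ev(-m) for m in range(1, 60)]
# 30 events that occur after the notable fired.
EVENTS += [_ev(m) for m in range(1, 31)]
# One event from before the trigger that reached the indexer 65 minutes late.
EVENTS.append(_ev(-45, index_delay_min=65))


def count_events(events, earliest, latest, as_of):
    """Splunk-style window: earliest <= _time < latest, and only events
    already indexed at the moment the search runs (as_of) are visible."""
    return sum(1 for t, it in events if earliest <= t < latest and it <= as_of)


def drilldown_latest_now(events, now):
    """Drilldown as in the question: earliest fixed, latest=now.
    Every run moves the upper bound, so new arrivals keep joining the count."""
    return count_events(events, TRIGGER - LOOKBACK, now, as_of=now)


def drilldown_pinned(events, now):
    """Drilldown pinned to the notable's own window [trigger-LOOKBACK, trigger).
    Re-runs only change if data for that window was indexed late."""
    return count_events(events, TRIGGER - LOOKBACK, TRIGGER, as_of=now)


if __name__ == "__main__":
    for label, fn in (("latest=now", drilldown_latest_now), ("pinned", drilldown_pinned)):
        print(f"{label:10s} at trigger: {fn(EVENTS, TRIGGER):3d}  "
              f"30 min later: {fn(EVENTS, HALF_HOUR_LATER):3d}")
```

The pinned count still moves by one on the second run, which is the late-indexed event: if counts drift even with a fixed window, compare _indextime against _time to confirm late arrival rather than a moving upper bound.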