Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is there an increase in security notables event count?

umesh
Path Finder
‎12-11-2022 10:34 PM

Hi Team,

 

I have created a notable in the Splunk ES and i received a notable and i analyzed the notable and i can see 130 events in the raw logs. But after sometime if i analyse the same notable i can see that there is increase in the  count of events . Can i know what the issue is regarding the increase in the event count.

Thanks & Regards,

Umesh

Tags (2)
0 Karma
Reply

umesh
Path Finder
‎12-21-2022 01:39 AM

@gcusello  can you please help on this. when i click on the contributing events in notable alert it is showing count of 59 events and aftersometime when i analyse the same notable contributing events link  the event count is getting increased. Please i explain the reason why it is happening 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-21-2022 03:55 AM

Hi @umesh,

it should be analyzed in your installation, but probably because the search has latest=now, so in the meantime other events arrived.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...