Splunk Enterprise Security

invalid key for param.default_disposition on Splunk ES 6.6.0


I recently installed brand new Splunk 8.2.2, then installed Splunk ES 6.6.0 on it, after Splunk ES installed and configured, I restarted Splunk from CLI, from that I got below error message:

"Checking conf files for problems... Invalid key in stanza [notable] in /opt/splunk/etc/apps/SA-ThreatIntelligence/default/alert_actions.conf, line 84: param.default_disposition (value: )."


There is no such error on Splunk ES 6.4.1, and there is also no such key, it's new from ES 6.6.0, who knows how to fix it? many thanks!

Labels (1)
0 Karma

I have This issue help Me Pls
0 Karma
Get Updates on the Splunk Community!

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more with ITSI’s ...

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more! Faster Time to ValueManaging and ...

New Release | Splunk Enterprise 9.3

Hi Splunky people! We are excited to share the newest updates in Splunk Enterprise 9.3!Admins and Analyst can ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...