Unable to drilldown to individual events in Splunk...

lisheengoh · ‎04-23-2019

Hi, I am working on a deep dive view from ITSI.
I noticed that the splunk examples online allow you to click on any of the KPI swimlanes in the deep dive, and the events for that particular time will be appear below. See attached picture for reference.

However, i do not see the option to show the events whenever i click on any of the KPI swimlanes in my Deep Dive. Could somebody help to explain to me why? Perhaps my Splunk ITSI version an older one (im using ITSI version 3.1.0)?

Any help would be great. Thanks.

esnyder_splunk · ‎10-23-2019

You need to click Add Lane > Add Event Lane to add an event lane. There's no way to click on an individual KPI lane and have the event lane appear. Follow the docs here: https://docs.splunk.com/Documentation/ITSI/latest/User/Deepdiveswimlanes#Add_a_new_event_lane

lisheengoh · ‎04-24-2019

Looked at the documentation provided for ITSI, but it seems that they dont cover this topic.
https://docs.splunk.com/Documentation/ITSI/4.1.2/User/DeepDives

They make no mention of this particular feature to enable drilldowns in deep dives. Appreciate if anyone could shed some light on this. Thanks.

Unable to drilldown to individual events in Splunk ITSI Deep Dive

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?