When we try to change thestatus and update a notable event from theIncident Review dashboard we are prompted with a banner stating
"Theincident review lookupfile is currently being edited, p...
...accounts sid. I'm trying to enrich the data by applying a lookup that has many fields of information regarding each user so that a table has useable information from the event such as the user name....
HI,
I recently deployed Splunk Enterprise Security 4.5 into a Search Head Cluster and whenever I use theSplunkAppfor Unix and Linux, I am getting the below error from all indexers:
[PROD-X...
...file: /splunk/app/splunk/etc/apps/SA-ThreatIntelligence/lookups/reviewstatuses.csv and it will show up correctly inthe top fields forsearching/filtering. This goes away on a refresh/reload of the...
Hi All,
I have a Search Head Cluster and I am trying to update a global lookupfilein a particular app, but am having no luck. I obviously cannot edit it directly as then it won't be replicated t...
I just updated theSplunkAppforLookupFileEditing to the latest and now I can no longer download lookupfiles via CLI. This has been working flawlessly inSplunk Cloud when I was running v...
I have been building KV Store lookups with thelookupeditor and I have noticed that when I add a line inthe UI, when I leave it and come back to it, it duplicates the line multiple times and I h...
Hi,
I have created a dynamic lookup table in one of thesearch head using a search ,now i want it to move to another search head and shedule it, how could we achieve it.
How do you control who is inthe drop down list of owners, so you can assign a ticket to someone else? It seems to have picked a bunch of random people and not the two people I need inthere.