...ast 60 minutes, and the notable has some variables.
The inspector shows that it is not able to find events (considering the search runs fine in flashtimeline). I know it is a bit ambiguous, but i...
...earch head and the I read somewhere that the Splunk_SA_CIM app needs to have a index.conf for notable events to be placed locally on ES. Can someone please provide some thoughts or suggestions....
...mail, the email is not being sent, because the server specified in general mailserver setting is not taken by Enterprise Security Notable Events. Do I need to configure some extra settings for Splunk...
...ield I created is missing on the notable event. How do I ensure that this custom field is being sent along with the other data that is sent by default as a notable event?
Splunk Enterprise v7.0.1
Some notable events are showing in Incident Review but not all.
We are missing some notables that used to show/generate fine in the past.
Not sure if related but r...
I created a correlation search and added the Notable action as "Adaptive Response Actions". By running the search there are some events, and Activity>Jobs actually shows events exist. However "In...
One of my Splunk Enterprise Security customers complained that sometimes the notable events are not created even when the corresponding raw data is there.
So I checked the scheduler log and f...