Hi everyone, I’m currently troubleshooting an issue in a Splunk Enterprise 10.2.4 environment running Splunk Enterprise Security 8.3.0. Has anyone experienced an issue where Mission Control suddenly stops creating new Findings, while the environment appears to be healthy? So far we’ve verified: Search Head Cluster is healthy. Scheduled searches continue to run. Correlation Searches complete successfully. No obvious errors in scheduler.log, splunkd.log, or python.log. From the UI, everything looks normal, but no new Findings are generated after a certain point in time. What components or logs would you investigate next in the Enterprise Security pipeline? Has anyone encountered a similar issue or knows which internal ES components are responsible for creating Mission Control Findings after a Correlation Search completes? Any suggestions would be greatly appreciated. Thank you!
... View more