Troubleshoot failed intelligence downloads in Splunk Enterprise Security
If you receive the message that a threat list failed to download, there are several possible root causes.
Possible root cause | Verification | Mitigation |
---|---|---|
The threat or intelligence source is no longer available at the IP address or URL. | Attempt to visit the URL or curl the threat source manually. | Disable the intelligence source if it is no longer available to download. |
Firewall or proxy settings are preventing the intelligence source from being accessed. | Test if you can visit the URL or curl the intelligence source manually on a different machine. | Modify the firewall or proxy settings to allow access to the intelligence source. |
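
The two verification steps in the table can be scripted so that the result on the Enterprise Security host is compared with the result from a different machine. The following is an added example, not Splunk code. The function names, verdict names, and the mapping from curl exit codes and HTTP status codes to a root cause are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Splunk code. Verdict names and the mapping from curl
# results to a root cause are a heuristic chosen for this illustration.

# probe URL: one manual fetch; prints "<curl_exit_code> <http_status>".
probe() {
    rc=0
    status=$(curl -s -L -o /dev/null --max-time 20 -w '%{http_code}' "$1") || rc=$?
    echo "$rc ${status:-000}"
}

# classify CURL_EXIT HTTP_STATUS: verdict for a single machine.
classify() {
    case "$1:$2" in
        0:2??)       echo ok ;;                  # list downloaded
        0:404|0:410) echo source_unavailable ;;  # server answered, list is gone
        5:*|*:407)   echo firewall_or_proxy ;;   # proxy unresolved or proxy auth required
        *)           echo unreachable ;;         # DNS, connect, timeout, TLS, other errors
    esac
}

# diagnose LOCAL OTHER: combine the verdict from the Enterprise Security host
# (LOCAL) with the verdict from a different machine (OTHER), assuming OTHER
# reaches the internet over a different network path.
diagnose() {
    case "$1/$2" in
        ok/*)                     echo download_path_ok ;;
        firewall_or_proxy/*|*/ok) echo firewall_or_proxy ;;   # fails here, works elsewhere
        */firewall_or_proxy)      echo inconclusive ;;        # OTHER is blocked as well
        *)                        echo source_unavailable ;;  # fails on both machines
    esac
}

# Usage (hypothetical script name): sh check_source.sh URL
# Run on each machine, then pass the two printed verdicts to diagnose.
if [ "$#" -eq 1 ]; then
    set -- $(probe "$1")
    classify "$1" "$2"
fi
```

A `firewall_or_proxy` result points to the second row of the table, and `source_unavailable` points to the first row.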
This documentation applies to the following versions of Splunk® Enterprise Security: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0, 6.4.1, 6.5.0 Cloud only, 6.5.1 Cloud only, 6.6.0, 6.6.2