Troubleshoot failed intelligence downloads in Splunk Enterprise Security
If you receive the message that a threat list failed to download, there are several possible root causes.
|Possible root cause||Verification||Mitigation|
|The threat or intelligence source is no longer available at the IP address or URL.||Attempt to visit the URL or curl the threat source manually.||Disable the intelligence source if it is no longer available to download.|
|Firewall or proxy settings are preventing the intelligence source from being accessed.||Test if you can visit the URL or curl the intelligence source manually on a different machine.||Modify the firewall or proxy settings to allow access to the intelligence source.|
Troubleshoot messages about unnecessary read or write access to investigation KV store collections
Troubleshoot dashboards in Splunk Enterprise Security
This documentation applies to the following versions of Splunk® Enterprise Security: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0