Splunk® Enterprise Security

Administer Splunk Enterprise Security

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Troubleshoot failed intelligence downloads in Splunk Enterprise Security

If you receive the message that a threat list failed to download, there are several possible root causes.

Possible root cause Verification Mitigation
The threat or intelligence source is no longer available at the IP address or URL. Attempt to visit the URL or curl the threat source manually. Disable the intelligence source if it is no longer available to download.
Firewall or proxy settings are preventing the intelligence source from being accessed. Test if you can visit the URL or curl the intelligence source manually on a different machine. Modify the firewall or proxy settings to allow access to the intelligence source.
Last modified on 22 November, 2021
PREVIOUS
Troubleshoot messages about unnecessary read or write access to investigation KV store collections
  NEXT
Troubleshoot dashboards in Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0, 6.4.1, 6.5.0 Cloud only, 6.5.1 Cloud only, 6.6.0, 6.6.2


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters