Splunk® Enterprise Security

Release Notes

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Known issues for Splunk Enterprise Security

Following are the known issues for this version of Splunk Enterprise Security:


Date filed Issue number Description
2021-04-29 SOLNESS-26712 Incident review page loads slowly after an upgrade to Splunk Enterprise Security version 6.5.1.

Workaround:
Add a reasonable time period to the get_active_correlations macro. For example, earliest = -90d.
Otherwise, correlation searches that do not create a notable within that time frame cannot be selected as an option in the filters when the Incident Review page loads.
2021-03-03 SOLNESS-25956 Next Steps for adaptive response actions do not parse correctly in the Incident Review dashboard.

Workaround:
Enter each of the adaptive response actions on separate lines in the Next Steps field of the Correlation Search editor.


Last modified on 17 June, 2021
PREVIOUS
Fixed issues for Splunk Enterprise Security
  NEXT
How to find answers and get help with Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 6.5.1 Cloud only


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters