Splunk® Enterprise Security

Troubleshoot Splunk Enterprise Security

Troubleshoot detections with special characters

Issue

Detections that have special characters might display an error message such as, Search Does Not Exist.

Cause

This error message gets displayed if on-premises customers use a reverse proxy. Using Nginx as a reverse proxy in Splunk Enterprise Security might encode special characters that can prevent detections from being discovered by Splunk Enterprise Security.

Solution

Clone the detection and remove the special characters in the clone. You can then turn off the original detection. Additionally, you must configure your reverse proxy to not encode special characters.

Last modified on 24 September, 2024
Troubleshoot the display of findings or investigations in the analyst queue   Troubleshoot performance issues by editing saved searches in Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters