Troubleshoot detections with special characters
Issue
Detections that have special characters might display an error message such as, Search Does Not Exist.
Cause
This error message gets displayed if on-premises customers use a reverse proxy. Using Nginx as a reverse proxy in Splunk Enterprise Security might encode special characters that can prevent detections from being discovered by Splunk Enterprise Security.
Solution
Clone the detection and remove the special characters in the clone. You can then turn off the original detection. Additionally, you must configure your reverse proxy to not encode special characters.
Troubleshoot the display of findings or investigations in the analyst queue | Troubleshoot performance issues by editing saved searches in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0
Feedback submitted, thanks!