When upgrading to ES 5.1.0 the "Related Events" di...

jhall0007 · ‎08-15-2018

After upgrading to Splunk 7.1.2 and ES 5.1.0 I no longer see the "Related Events" drilldown option on the incident review page. I do have drilldown settings ("Drill-down name" and "Drill-down search") configured in my correlation search. Is anyone else experiencing this trouble? Are there any new parameters that need to be configured?

smoir_splunk · ‎08-15-2018

Are you referring to the "view contributing events" option? Is it happening for all notable events? Have you cleared your web browser cache and the splunk web cache (with _bump or _refresh) since upgrading?

jhall0007 · ‎08-15-2018

On ES 5.0.0 it is called "contributing events" on the incident review page, though the wording may have been changed on 5.1.0. It is right between history and Adaptive response.

I have tried:
- Clearing cashe
- Using a private window on a secondary browser
- Using a secondary user
- Used debug/refresh
- Used /_bump
- Completed a second restart of Splunk services

I hadn't tried _bump until you suggested it. Thank you for that, but it is still having the problem.

smoir_splunk · ‎08-15-2018

That is super strange. I have no explanation for why this would be happening. Is this happening for all events, like I said? Some correlation searches create notable events where, if just one event is contributing, don't have a drilldown and just have the original event that led to the notable getting created.

jhall0007 · ‎08-15-2018

It is happening for all events, at least some of those events have drilldown searches and names configured. I tried updating the drilldown search name just to see if it would change anything - unfortunately it did not. I appreciate your input.

When upgrading to ES 5.1.0 the "Related Events" disappeared.

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...