Splunk Enterprise Security 8

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Welcome Community Support Supported Add-ons

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Welcome Community Support Supported Add-ons

Documentation

Splunk Enterprise Security 8

Splunk Enterprise Security 8 Contents

Install

Administer

Troubleshoot

User Guide

REST API Reference

API Reference

Release Notes and Resources

8.1

Splunk Enterprise Security Release Notes

Known issues

Security Content Update

Security Essentials

Splunk App for Fraud Analytics

Splunk App for PCI Compliance

Common Information Model

Splunk Machine Learning Toolkit

Known issues

The following tables include issues and workarounds for releases of Splunk Enterprise Security. Issues are listed in all relevant sections. Some issues appear more than once.

Splunk Enterprise Security 8.1.1 known issues

A list of key known issues in this version of Splunk Enterprise.

This section includes issues and workarounds for the 8.1.1 release of Splunk Enterprise Security. Issues are listed in all relevant sections. Some issues appear more than once.


Date filed	Issue number	Description
08-11-2025	SOLNESS-52053	Two RIR detections are disabled after upgrading to ES version 8.1. Workaround: Navigate to Content Management in Splunk Enterprise Security. Locate the following detections: 1. Risk Threshold Exceeded For Object Over 24 Hour Period 2. ATTACK Tactic Threshold Exceeded For Object Over Previous 7 Days Identify the “Most Recently Used” version: This is shown in the Version column on the Content Management page by default. It is also the version displayed by default in the Detection editor page when you select the detection. Re-enable the correct version: If the most recently used version displays as Disabled, select it and toggle it to Enabled. Save your changes: Confirm that the detections are active in the Content Management page.

Splunk Enterprise Security 8.1.0 known issues

A list of key known issues in this version of Splunk Enterprise Security.

This section includes issues and workarounds for the 8.1.0 release of Splunk Enterprise Security. Issues are listed in all relevant sections. Some issues appear more than once.


Date filed	Issue number	Description
08-11-2025	SOLNESS-52053	Two RIR detections are disabled after upgrading to ES version 8.1. Workaround: Navigate to Content Management in Splunk Enterprise Security. Locate the following detections: 1. Risk Threshold Exceeded For Object Over 24 Hour Period 2. ATTACK Tactic Threshold Exceeded For Object Over Previous 7 Days Identify the “Most Recently Used” version: This is shown in the Version column on the Content Management page by default. It is also the version displayed by default in the Detection editor page when you select the detection. Re-enable the correct version: If the most recently used version displays as Disabled, select it and toggle it to Enabled. Save your changes: Confirm that the detections are active in the Content Management page.

See also

For known issues in Splunk SOAR (Cloud), see Known issues for Splunk SOAR (Cloud).

ON THIS PAGE

Splunk Enterprise Security 8.1.1 known issues
Splunk Enterprise Security 8.1.0 known issues
See also

Splunk Enterprise Platform

Splunk Cloud Platform

Product Guides

Splunk Enterprise Security 8

Last updated: July 17, 2025

Explore Topics

Splunk Observability Cloud

Splunk IT Service Intelligence

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

AppDynamics SaaS

AppDynamics On-Premises

AppDynamics SAP Agent

Welcome

Community Support

Supported Add-ons

©2005-2025 Splunk Inc. All rights reserved.