Splunk Enterprise Security 8

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS AppDynamics On-Premises About This Site Community Support Supported Add-ons

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS AppDynamics On-Premises About This Site Community Support Supported Add-ons

Documentation

Splunk Enterprise Security 8

Splunk Enterprise Security 8 Contents

Install

Administer

Troubleshoot

8.1

Troubleshooting

Troubleshoot common issues when using Federated Analytics with Splunk Enterprise Security

User Guide

REST API Reference

API Reference

Release Notes and Resources

Security Content Update

Security Essentials

Splunk App for Fraud Analytics

Splunk App for PCI Compliance

Common Information Model

Splunk Machine Learning Toolkit

Troubleshoot common issues when using Federated Analytics with Splunk Enterprise Security

Troubleshoot common issues when using Federated Analytics with Splunk Enterprise Security.

Issue

ESCU detections do not gather data from the correct federated indexes.

Cause

All federated indexes are not added to the amazon_security_lake search macro.

Solution

In Splunk Enterprise Security, go to Search and expand the amazon_security_lake macro to verify if all pertinent indexes are available and edit the macro to include any missing indexes. Alternatively, in Splunk Enterprise Security, go to Settings and select Advanced search and then select Search macro to edit the amazon_security_lake macro and add any missing indexes.

See also

For more information on configuring Federated Analytics on Splunk Platform, see the product documentation:

About Federated Analytics

ON THIS PAGE

Issue
Cause
Solution
See also

Splunk Enterprise Platform

Splunk Cloud Platform

Product Guides

Splunk Enterprise Security 8

Last updated: July 14, 2025

Explore Topics

Splunk Observability Cloud

Splunk IT Service Intelligence

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

AppDynamics SaaS

AppDynamics On-Premises

About This Site

Community Support

Supported Add-ons

©2005-2025 Splunk Inc. All rights reserved.