https://community.splunk.com/t5/Splunk-Enterprise-Security/Is-it-possible-to-generate-a-quot-ticket-number-quot-style/m-p/249657#M1782 <P>I'd like each notable event that is raised in ES to have a unique "ticket number" style reference, automatically incrementing as events are raised - along the same kind of lines as ticket reference numbers that are created in systems like ServiceNow when a ticket is raised.</P> <P>I appreciate that the event_id field is a unique reference for each notable but it's not user friendly enough to be used as a point of reference between multiple analysts</P> <P>Is there a way to achieve what I am looking for?</P> Mon, 10 Oct 2016 13:47:32 GMT gmrtn14 2016-10-10T13:47:32Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Is-it-possible-to-generate-a-quot-ticket-number-quot-style/m-p/249657#M1782 <P>I'd like each notable event that is raised in ES to have a unique "ticket number" style reference, automatically incrementing as events are raised - along the same kind of lines as ticket reference numbers that are created in systems like ServiceNow when a ticket is raised.</P> <P>I appreciate that the event_id field is a unique reference for each notable but it's not user friendly enough to be used as a point of reference between multiple analysts</P> <P>Is there a way to achieve what I am looking for?</P> Mon, 10 Oct 2016 13:47:32 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Is-it-possible-to-generate-a-quot-ticket-number-quot-style/m-p/249657#M1782 gmrtn14 2016-10-10T13:47:32Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Is-it-possible-to-generate-a-quot-ticket-number-quot-style/m-p/249658#M1783 <P>You could build a lookup process, which would link the event_id to a more user-friendly ticket number. I am sure that it could be automated with a python script, or some other form of scripting. </P> Thu, 20 Oct 2016 02:28:58 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Is-it-possible-to-generate-a-quot-ticket-number-quot-style/m-p/249658#M1783 tezkpk 2016-10-20T02:28:58Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Is-it-possible-to-generate-a-quot-ticket-number-quot-style/m-p/249659#M1784 <P>For now, I would check out the "Share Notable Event" action in the Actions dropdown per notable event. This produces direct hyperlinks to the notable event with a copy-clipboard option. While not a "ticket number", this link can be distributed in digital-friendly ways:</P> <P><A href="https://server:8000/splunk-es/en-US/app/SplunkEnterpriseSecuritySuite/incident_review?form.srch=rule_id%3DDB9D6F9F-4BFD-4A81-8852-39474DCB9D56%40%40notable%40%405dc87d1d390c9c47b2a7de18d2cc7bc3&amp;earliest=1477325415&amp;latest=1477325417" target="_blank">https://server:8000/splunk-es/en-US/app/SplunkEnterpriseSecuritySuite/incident_review?form.srch=rule_id%3DDB9D6F9F-4BFD-4A81-8852-39474DCB9D56%40%40notable%40%405dc87d1d390c9c47b2a7de18d2cc7bc3&amp;earliest=1477325415&amp;latest=1477325417</A></P> <P><IMG src="https://community.splunk.com/storage/temp/169174-screen-shot-2016-10-24-at-113900-am.png" alt="alt text" /></P> Tue, 29 Sep 2020 11:32:17 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Is-it-possible-to-generate-a-quot-ticket-number-quot-style/m-p/249659#M1784 hazekamp 2020-09-29T11:32:17Z