Knowledge Management
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I close 'My Investigations' after I am done with notable events?

eliyyah
Explorer
‎09-20-2016 07:36 AM

I can see where we can create 'New Investigations', track or manage current investigations, delete or edit or remove existing investigations, but nothing to close the investigation. When you actually go into one of your investigations there is additionally a button to 'Create New Entry' that drops down to create a 'Note' or view 'Action History' (all cool features btw), but nothing to say ok "this event or this investigation is resolved or closed".

Splunk Version 6.4.1.2
App: ES Version 4.2.0

Thanks!

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

smoir_splunk
Splunk Employee
Splunk Employee
‎09-20-2016 09:38 AM

Hello @eliyyah!

There is currently no way to close an investigation. The best workarounds I've found are to change the title to include the word "closed" and to add a note saying "this investigation is complete".

Thanks,
Sarah

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

smoir_splunk
Splunk Employee
Splunk Employee
‎09-20-2016 09:38 AM

Hello @eliyyah!

There is currently no way to close an investigation. The best workarounds I've found are to change the title to include the word "closed" and to add a note saying "this investigation is complete".

Thanks,
Sarah

0 Karma
Reply
Solved! Jump to solution

eliyyah
Explorer
‎09-20-2016 09:52 AM

It sounds like this may be an area for feedback and improvement. Thank you Sarah, you've confirmed our suspicions and concerns.

^_^

0 Karma
Reply
Solved! Jump to solution

smoir_splunk
Splunk Employee
Splunk Employee
‎09-20-2016 09:57 AM

Yes! I've added your question/comment to an existing enhancement request for this. Thanks for mentioning it 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top