Add Notable Event to an ES Investigation using the API
dsofoulis
I would like to have an investigation created with a notable event recorded in there using the API.
I've been trying to achieve this by adding a notable event to an ES investigation using the API.
So far I have been able to create an investigation and then add an artifact to it using the API.
The next step I need to complete is to insert a notable event into an ES investigation using the API.
Alternatively, if it's possible to create an investigation from a notable using the API, then I would also be happy with that option.
SplunkTrust
@dsofoulis - You can use the "Investigation Event" endpoint from the "Investigation API"; it should be very similar to how you are adding the artifact.
Here is the full reference: https://docs.splunk.com/Documentation/ES/7.3.1/API/InvestigationAPIreference
I hope this helps!!! Kindly upvote if it does!!!
dsofoulis
Yeah, that’s the document I’ve been following. I’ve tried many different combinations and so far nothing has worked.
Are you able to share the correct API query to use?
SplunkTrust
I have not personally tried this API, but based on the API doc, you can try it and then ask follow-up questions based on the errors it is generating.
Or you can even create a Splunk Support ticket if something is not working as described in the doc.