Splunk Enterprise Security

Add comment field in incident review page.

N92
Path Finder

Can I add comment field as table attribute in incident review page. For that what would be field name so I can map it with my custom lable. Where the field name I can find for owner & status also.

0 Karma
1 Solution

smoir_splunk
Splunk Employee
Splunk Employee

http://dev.splunk.com/view/enterprise-security/SP-CAAAFBA will probably help you find information about the comment field, and http://docs.splunk.com/Documentation/ES/5.0.0/Admin/Customizenotables#Add_a_field_to_the_notable_eve... covers in more detail and more up-to-date how to get an additional field to appear on incident review.

View solution in original post

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee

http://dev.splunk.com/view/enterprise-security/SP-CAAAFBA will probably help you find information about the comment field, and http://docs.splunk.com/Documentation/ES/5.0.0/Admin/Customizenotables#Add_a_field_to_the_notable_eve... covers in more detail and more up-to-date how to get an additional field to appear on incident review.

View solution in original post

0 Karma

ssadanala1
Contributor
0 Karma

N92
Path Finder

Still, I don't find the field name for comment label. Thanks for your answer I understand how to add new field.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!