Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Add comment field in incident review page.

N92
Path Finder
‎04-23-2018 08:32 PM

Can I add comment field as table attribute in incident review page. For that what would be field name so I can map it with my custom lable. Where the field name I can find for owner & status also.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

smoir_splunk
Splunk Employee
Splunk Employee
‎04-24-2018 09:43 AM

http://dev.splunk.com/view/enterprise-security/SP-CAAAFBA will probably help you find information about the comment field, and http://docs.splunk.com/Documentation/ES/5.0.0/Admin/Customizenotables#Add_a_field_to_the_notable_eve... covers in more detail and more up-to-date how to get an additional field to appear on incident review.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

smoir_splunk
Splunk Employee
Splunk Employee
‎04-24-2018 09:43 AM

http://dev.splunk.com/view/enterprise-security/SP-CAAAFBA will probably help you find information about the comment field, and http://docs.splunk.com/Documentation/ES/5.0.0/Admin/Customizenotables#Add_a_field_to_the_notable_eve... covers in more detail and more up-to-date how to get an additional field to appear on incident review.

0 Karma
Reply
Solved! Jump to solution

ssadanala1
Contributor
‎04-23-2018 09:04 PM

Answer for your question is below

https://answers.splunk.com/answers/298999/splunk-app-for-enterprise-security-how-to-add-addi.html

0 Karma
Reply
Solved! Jump to solution

N92
Path Finder
‎04-23-2018 09:52 PM

Still, I don't find the field name for comment label. Thanks for your answer I understand how to add new field.

0 Karma
Reply
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...