Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Displaying an investigation on the Incident Review Dashboard

adnankhan5133
Communicator
‎10-05-2020 08:10 AM

If I decided to create an Investigation in Splunk ES via the Investigation Workbench from the Investigations page ("Create new Investigation"), could I also create a new notable event associated to that Investigation?

I'm trying to see if there is a way to display an investigation on the Incident Review dashboard since we are leveraging that dashboard for reporting purposes.

Labels (2)
0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎12-22-2020 03:30 PM

Yes, you can do that. You can start an investigation & then you can manually create a notable event called "started an investigation" (or whatever you like): 

https://docs.splunk.com/Documentation/ES/6.4.0/Admin/Createnotablesmanually#Create_a_notable_event_f...

& you can see it in Incident Review & add it to your investigation. 

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...