Splunk Enterprise Security

Edit name of notable event

test_qweqwe
Builder

I have this search:
| metadata type=hosts
| lookup critical_systems Host_name as host OUTPUT Host_name as host
| search host=*
| eval last60=relative_time(now(),"-60m@m")
| convert ctime(lastTime) as LastTimeLogged
| where lastTime < last60
| table host, LastTimeLogged
| sort -LastTimeLogged

The name of my notable event:
Stop sending logs from $host$

And results in "Incident Review":
http://prntscr.com/haawz1 I want the name I marked in red to appear in the main name of my notable event.

And in your opinion, which fields would be good to add to this notable event?

0 Karma

gcusello
SplunkTrust

Hi test_qweqwe,
to change the font color you have to customize CSS.
In the Splunk 7.x Dashboard Examples App (https://splunkbase.splunk.com/app/1603/), you can find some examples of highlighting or coloring a cell.

Bye.
Giuseppe

0 Karma

test_qweqwe
Builder

I didn't say it correctly; I need something else.

Okay, in the notable event we have "Additional Fields" -> "Host", which has the name server_host1.local, and I want this name in the title of the notable event.

I need "Stop sending logs from server_host1.local", not "Stop sending logs from ip-10.0.0.16"

0 Karma
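To make the mechanics of the question concrete, here is an added example (not code from the thread or from Splunk ES) that emulates the poster's "host stopped sending logs" search in Python and then renders the notable event title the way Enterprise Security does, by substituting each `$field$` token with the value of that field in the result row. It assumes a constructed `critical_systems` lookup with a `host` column (the value seen in the metadata) and a `Host_name` column (the friendly name); the real lookup's layout is not shown in the thread. The point it demonstrates is that `$host$` can only ever yield whatever the result row holds in a field named `host`, so the friendly name has to survive the search as its own field and the title must reference that field's name.

```python
"""Added example, not from the thread: emulate the silent-host search and
ES-style $field$ substitution in a notable event title."""
import re
from datetime import datetime, timedelta, timezone

# Fixed "now" so the sample is reproducible.
NOW = datetime(2017, 11, 1, 12, 0, tzinfo=timezone.utc)

# Constructed stand-in for `| metadata type=hosts`: one row per host with
# the epoch time of the last event seen from it.
METADATA_HOSTS = [
    {"host": "ip-10.0.0.16", "lastTime": (NOW - timedelta(minutes=95)).timestamp()},
    {"host": "ip-10.0.0.17", "lastTime": (NOW - timedelta(minutes=5)).timestamp()},
    {"host": "ip-10.0.0.18", "lastTime": (NOW - timedelta(minutes=61)).timestamp()},
    {"host": "ip-10.0.0.99", "lastTime": (NOW - timedelta(hours=3)).timestamp()},  # not critical
]

# Constructed stand-in for the critical_systems lookup (assumed layout:
# the raw host value plus a friendly Host_name).
CRITICAL_SYSTEMS = [
    {"host": "ip-10.0.0.16", "Host_name": "server_host1.local"},
    {"host": "ip-10.0.0.17", "Host_name": "server_host2.local"},
    {"host": "ip-10.0.0.18", "Host_name": "server_host3.local"},
]

# $field$ tokens as used in ES notable event titles.
TOKEN = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)\$")


def render_title(template, row):
    """Replace every $field$ with the row's value for that field.
    A token naming a field that is not in the row is left as-is."""
    return TOKEN.sub(lambda m: str(row.get(m.group(1), m.group(0))), template)


def find_silent_hosts(metadata_rows, lookup_rows, now, window_minutes=60):
    """Emulate the SPL: restrict to critical systems, keep hosts whose
    lastTime is older than now - window, and keep BOTH the raw host and
    the friendly Host_name so either can be referenced in the title
    (the thread's `OUTPUT Host_name as host` would overwrite host instead)."""
    by_host = {r["host"]: r for r in lookup_rows}
    cutoff = (now - timedelta(minutes=window_minutes)).timestamp()  # relative_time(now(), "-60m@m")
    results = []
    for md in metadata_rows:
        critical = by_host.get(md["host"])
        if critical is None or md["lastTime"] >= cutoff:
            continue
        results.append({
            "host": md["host"],
            "Host_name": critical["Host_name"],
            "lastTime": md["lastTime"],
            # convert ctime(lastTime) as LastTimeLogged
            "LastTimeLogged": datetime.fromtimestamp(md["lastTime"], tz=timezone.utc)
                                      .strftime("%m/%d/%Y %H:%M:%S"),
        })
    # Sort newest-first on the epoch value; sorting on the ctime string,
    # as the original `sort -LastTimeLogged` does, is not chronological.
    results.sort(key=lambda r: r["lastTime"], reverse=True)
    return results


def build_titles(results, template):
    """One notable title per result row, as ES would generate them."""
    return [render_title(template, r) for r in results]


if __name__ == "__main__":
    rows = find_silent_hosts(METADATA_HOSTS, CRITICAL_SYSTEMS, NOW)
    for title in build_titles(rows, "Stop sending logs from $host$"):
        print(title)          # yields the ip-... names the poster does not want
    for title in build_titles(rows, "Stop sending logs from $Host_name$"):
        print(title)          # yields server_hostN.local
```

With the search kept in this shape, the notable title in ES would be written as `Stop sending logs from $Host_name$` (or whatever the friendly-name field is actually called in the real lookup), and the raw `host` value remains available as an additional field on the notable.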

gcusello
SplunkTrust

Let me understand: when you speak of Notable Events, are you speaking of Enterprise Security or Splunk Enterprise?
If Enterprise Security, sorry, but I cannot help you.
If Splunk Enterprise, the question is: where is the host field with the real hostname?
I see three host fields in your search: host, host1 and Host_name. Identify which is the field with the real hostname and use it.

Bye.
Giuseppe

0 Karma

test_qweqwe
Builder

It's Enterprise Security 😞

0 Karma

gcusello
SplunkTrust

Sorry!
I had this doubt, but it isn't in the question tags.
Good luck!
Bye.
Giuseppe

0 Karma