Splunk Enterprise Security

Enterprise Security: How do we specify the proper fields for the correlated search?

danielbb
Motivator

When we create the correlated searches, how do we specify which fields will be visible in the notable event / incident?

starcher
Influencer

That is covered in the docs. Incident Review Settings.
https://docs.splunk.com/Documentation/ES/5.3.1/Admin/Customizenotables

danielbb
Motivator

@starcher, after adding it according to the instructions, we don't see the field under -

alt text

What can it be?

0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...