The team here is not satisfied with the capabilities, workflow of the Incident Review section of ES. Is there a nice video that I can share with them about this UI part of the app?
Here is a video at splunk
https://www.splunk.com/en_us/resources/videos/splunk-incident-review-demo.html
https://www.youtube.com/watch?v=lh21uzfogRk
In order to maximize the Splunk Enterprise usage, please consider to run for Splunk Training.
https://www.splunk.com/en_us/training/courses/using-splunk-enterprise-security.html