Solved: Hiding statuses in "Edit event" box in splunk ES

rishav · ‎10-21-2021

I have added some custom notable event statues say a , b , c.

I have modified the transition rules for "new" status such that ess_analyst role should not be able to make transition from new to a , b and c statuses.

But the issue is while status a and b are hidden from the "Edit events" box, the c is not .

Though the transition to status c is still disabled for analyst.

the id for a = 14, b =15 and c is 10.

Please help me understand why I see this behaviour.

rishav · ‎10-26-2021

So I found the answer myself, to make a status hidden in "Edit Event " box, transition to it has to be disabled from all the statuses present in the ES.

View solution in original post

rishav · ‎10-26-2021

So I found the answer myself, to make a status hidden in "Edit Event " box, transition to it has to be disabled from all the statuses present in the ES.

Hiding statuses in "Edit event" box in splunk ES

notable event

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Are you a member of the Splunk Community?

Hiding statuses in "Edit event" box in splunk ES

notable event

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler