Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Hiding statuses in "Edit event" box in splunk ES

rishav
Explorer
‎10-21-2021 06:25 AM

I have added some custom notable event statues say a , b , c.

I have modified the transition rules for "new" status such that ess_analyst  role should not  be able to make transition from new to a ,  b and c statuses.

 But the issue is while  status a and b are hidden from the "Edit events" box, the c is not .

Though the transition to status c is still disabled for analyst.

 

the id for a = 14, b =15 and c is 10.

Please help me understand why I see this  behaviour.

 

 

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

rishav
Explorer
‎10-26-2021 06:16 AM

So I found the answer myself,  to make a status hidden in "Edit Event " box,  transition to it has to be disabled from all the statuses present in the ES.

View solution in original post

Reply
Solved! Jump to solution
Solution

rishav
Explorer
‎10-26-2021 06:16 AM

So I found the answer myself,  to make a status hidden in "Edit Event " box,  transition to it has to be disabled from all the statuses present in the ES.

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...