Splunk Enterprise Security

How to add new field for filtering in Splunk ES incident review?

gd288288
Observer

Hi all,

I would like to ask: is there a way to add another field for filtering in the Splunk ES incident review page? Currently there are only some default fields for filtering, such as security domain, search type and status.

Regards,

Colin
