Splunk Enterprise Security

How to add new field for filtering in Splunk ES incident review?

gd288288
Observer

Hi all,

I would like to ask is that a way to add a another field for filtering in the Splunk ES incident review page? Currently there are only some default fields for filtering such as security domain, search type and status 

Regards,

Colin

0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...