Splunk Enterprise Security

How to create separate Incident Review dashboards for different teams

Nraj87
Loves-to-Learn Everything

Dear All,

Please suggest how to create a separate Incident Review dashboard for each team, or how notables can be separated based on teams.

i.e. Windows Team - Windows Team can only check Windows-related notables

Unix Team - Linux Team can only check Unix-related notables

SOC Team - SOC Team can check all the notables

0 Karma

Gr0und_Z3r0
Contributor

Like @meetmshah mentioned, create a new tag or field in the notable that defines which team will work on it. Once in place, create a filter in the Incident Review dashboard with that team tag or field and let the respective teams select and work on those filtered incidents.

0 Karma

meetmshah
Contributor

There's no OOTB feature; rather, you can add tag/flag values in the search results itself, and individual team members can just filter based on the flag.

Let me know if you have any questions / thoughts.

0 Karma
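
The tagging approach from both replies, as an added example that is not part of the original thread. The field name `responsible_team`, the `viewer_team` value and the sourcetype patterns are assumptions, and the four events are constructed with `makeresults` (their `rule_name` is prefixed SAMPLE) so the search runs in any search bar.

```spl
| makeresults count=4
| streamstats count AS n
| eval sourcetype=case(n=1, "WinEventLog:Security",
                       n=2, "linux_secure",
                       n=3, "XmlWinEventLog:Microsoft-Windows-Sysmon/Operational",
                       n=4, "pan:traffic")
| eval rule_name="SAMPLE constructed notable ".n
| eval responsible_team=case(
    match(sourcetype, "(?i)^(Xml)?WinEventLog"), "windows",
    match(sourcetype, "(?i)^(linux|unix)"), "unix",
    true(), "soc")
| eval viewer_team="windows"
| where viewer_team="soc" OR responsible_team=viewer_team
| table rule_name sourcetype responsible_team
```

With `viewer_team="windows"` this returns the two Windows rows; `"unix"` returns the `linux_secure` row and `"soc"` returns all four. In a real correlation search only the `responsible_team` eval is appended, and each team filters on that field; it labels and filters notables but does not restrict what a role is able to search.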