Splunk Enterprise Security

How to create separate incident review dashboards for different teams

Nraj87
Loves-to-Learn Everything

Dear All,

Please suggest how to create a separate incident review dashboard for each team, or how the notables can be separated based on teams.

For example:

Windows Team - the Windows team can only check Windows-related notables

Unix Team - the Linux team can only check Unix-related notables

SOC Team - the SOC team can check all the notables

0 Karma

Gr0und_Z3r0
Contributor

Like @meetmshah mentioned, create a new tag or field in the notable that defines which team will work on it. Once in place, create a filter in the incident review dashboard with that team tag or field and let the respective teams select and work on those filtered incidents.

0 Karma

meetmshah
Contributor

There's no OOTB feature; rather, you can add tag/flag values in the search results itself, and individual team members can just filter based on the flag.

Let me know if you have any questions / thoughts.

0 Karma