Splunk Enterprise Security

How to create separate Incident Review dashboards for different teams


Dear All,

Please suggest how to create separate Incident Review dashboards for different teams,
or how the notables can be separated based on teams.

i.e. Windows Team - Windows Team can only check Windows-related notables

Unix Team - Linux Team can only check Unix-related notables

SOC Team - SOC Team can check all the notables

0 Karma


Like @meetmshah mentioned, create a new tag or field in the notable that defines which team will work on it. Once in place, create a filter in the Incident Review dashboard with that team tag or field and let the respective teams select and work on those filtered incidents.

0 Karma


There's no OOTB feature; rather, you can add tag/flag values in the search results themselves, and individual team members can just filter based on the flag.

Let me know if you have any questions / thoughts.

0 Karma
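
One way to apply the tag-or-field approach from the replies above, as an added example that is not from the original posters or from Splunk. The field name `owning_team`, the sourcetype patterns and the three sample rows are assumptions constructed for illustration; `makeresults` stands in for the output of a correlation search so the logic can be tried in any search bar.

```spl
| makeresults count=3
| streamstats count AS n
| eval sourcetype=case(n=1, "WinEventLog:Security",
                       n=2, "linux_secure",
                       n=3, "pan:threat")
| eval owning_team=case(
    match(sourcetype, "^(WinEventLog|XmlWinEventLog)"), "windows",
    match(sourcetype, "^linux_"), "unix",
    true(), "soc")
| search owning_team="windows"
| table sourcetype owning_team
```

In a real correlation search only the `eval owning_team=...` step is needed, placed after the last transforming command so the field is in the results that become the notable event; the Windows team then filters on `owning_team="windows"`, the Unix team on `owning_team="unix"`, and the SOC team applies no team filter. A filter separates the views but does not restrict access: a team that clears it sees every notable.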