Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create separate incident review dashboard for different team.

Nraj87
Explorer
‎10-30-2023 02:15 AM

Dear All,

Please suggest how to create separate incident review dashboard for different team.
OR How the notable will separated base on Teams. 

i.e. Windows Team - Windows Team can only check windows related notable 

Unix Team -Linux Team can only check Unix related notable 

SOC Team - Soc Team can check all the notable 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

Gr0und_Z3r0
Contributor
‎12-06-2023 10:28 PM

Like @meetmshah mentioned create a new tag or field in the notable that defines which team will work in it. Once in place create a filter in incident review dashboard with that team tag or field and let the respective teams select and work on those filtered incidents.

0 Karma
Reply

meetmshah
Builder
‎11-02-2023 08:58 AM

There's no OOTB feature, rather you can add tag/flag values in the search results itself and individual team members can just filter based on the flag.

Let me know if you have any questions / thoughts?

0 Karma
Reply
Get Updates on the Splunk Community!

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...

Splunk AppDynamics Agents Webinar Series

Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...