I am trying to pull all the information from Splunk Security Incident Review Description column.
Please see the attachment.
I need to pull values corresponding to "Destination Business Unit " , "Destination category" ,....................., "Source PCI Domain".
The official way to do this is to use the notable macro in search (no leading pipe is necessary).
The content you want will be in the 'description' field. Note that the description field is dynamically created by replacing the field names in the 'rule_description' field.
See http://dev.splunk.com/view/enterprise-security/SP-CAAAFBA for more information.
You can get them from
index=notable OR by running search using the notable macro
You would need to ensure the assets are having bunit, category, domain fields populated as per your organization and they are linked (available) in the correlation search that produces the notable/incident (seen in the Incident review screen).