Splunk Enterprise Security

How to retrieve a specific alert in Splunk Enterprise security apart from using Short ID method?

New Member

Hi All,

Is there a way to retrieve a specific alert without using short ID in the incident review page?

I was thinking of using "rule_id" field or "event_hash" of the alert, but couldn't be able to pull the specific alert.

Please suggest any other alternate method other than using short id.


Labels (1)
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...