Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to set Notable Event Status Via Search?

splunkbunk
Explorer
‎05-24-2023 12:00 PM

Hi All,

Recently a question came up about notifying a client on high urgency notable events. I want to send out an auto email anytime there's a high urgency notable event. It's easy to write a search that checks for high urgency notable events and send an email. However, I also want to be able to change the status of these notables within the same search as I send the email (Client Notified, or something similar). Is there a simple way to do this? I'd even settle for a complicated way 🙂

Thanks for reading!

0 Karma
Reply

meetmshah
Builder
‎07-04-2023 11:30 AM

Hello @splunkbunk, You can update the urgency under incident_review_lookup once you run the saved search that notifies users.

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...