Solved: Incident review default settings

kiran331 · ‎07-18-2016

Hi

Is there a way to show only critical, high, medium in incident review by default?

smoir_splunk · ‎07-19-2016

Not by default, but you could change the link to Incident Review to a filtered version of it by using these steps:
http://docs.splunk.com/Documentation/ES/4.2.0/User/ManageSearches#Add_a_link_to_the_ES_menu
(the steps apply for any ES installation though these docs are for a cloud-only version).

smoir_splunk · ‎07-19-2016

Not by default, but you could change the link to Incident Review to a filtered version of it by using these steps:
http://docs.splunk.com/Documentation/ES/4.2.0/User/ManageSearches#Add_a_link_to_the_ES_menu
(the steps apply for any ES installation though these docs are for a cloud-only version).

kiran331 · ‎07-19-2016

Thanks!how to add default=true to this one to make this as default page for ES

smoir_splunk · ‎07-19-2016

@kiran331 I just tested moving "default=true" from ess_home to the incident_review view, and that worked for me. Does that work for you?

kiran331 · ‎07-19-2016

Can i use default = true with in the href tag

smoir_splunk · ‎07-20-2016

Sadly I couldn't get that to work, even when it referenced an app context.

Incident review default settings