Splunk Enterprise Security

Is it possible to create a unique row in a Splunk Enterprise Security dashboard?

creagan12
New Member

Hello,

I'm trying to find out if it's possible to create a unique row in a Splunk Enterprise Security dashboard. For example we currently have a Time/Security Domain/Title/Urgency/Status/Owner row in a dashboard.

Is it possible to create a unique value ID (i.e. XX-1234) for each notable event that is generated? I understand that there is a long event_ID that's associated with each event, but it's extremely long and makes it difficult when multiple analysts are looking at the same dashboard.

Thank you!

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee
0 Karma

creagan12
New Member

I don't think that's what I'm asking about..more specifically I'm asking about creating a unique row in a dashboard that can assign an ID for each notable event.

I appreciate the response since I didn't know that existed, but it doesn't answer my question.

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee

Ahh yes, the fact that you can assign an ID is functionality that exists in 4.7.x. There isn't any way to create a unique row on the dashboard unless you clone the dashboard and modify the view directly. I don't really recommend that.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...