Splunk Enterprise Security

Is it possible to create a unique row in a Splunk Enterprise Security dashboard?

creagan12
New Member

Hello,

I'm trying to find out if it's possible to create a unique row in a Splunk Enterprise Security dashboard. For example we currently have a Time/Security Domain/Title/Urgency/Status/Owner row in a dashboard.

Is it possible to create a unique value ID (i.e. XX-1234) for each notable event that is generated? I understand that there is a long event_ID that's associated with each event, but it's extremely long and makes it difficult when multiple analysts are looking at the same dashboard.

Thank you!

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee
0 Karma

creagan12
New Member

I don't think that's what I'm asking about..more specifically I'm asking about creating a unique row in a dashboard that can assign an ID for each notable event.

I appreciate the response since I didn't know that existed, but it doesn't answer my question.

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee

Ahh yes, the fact that you can assign an ID is functionality that exists in 4.7.x. There isn't any way to create a unique row on the dashboard unless you clone the dashboard and modify the view directly. I don't really recommend that.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!