I'm trying to find out if it's possible to create a unique row in a Splunk Enterprise Security dashboard. For example we currently have a Time/Security Domain/Title/Urgency/Status/Owner row in a dashboard.
Is it possible to create a unique value ID (i.e. XX-1234) for each notable event that is generated? I understand that there is a long event_ID that's associated with each event, but it's extremely long and makes it difficult when multiple analysts are looking at the same dashboard.
Ahh yes, the fact that you can assign an ID is functionality that exists in 4.7.x. There isn't any way to create a unique row on the dashboard unless you clone the dashboard and modify the view directly. I don't really recommend that.