Splunk Enterprise Security

Is it possible to create a unique row in a Splunk Enterprise Security dashboard?

creagan12
New Member

Hello,

I'm trying to find out if it's possible to create a unique row in a Splunk Enterprise Security dashboard. For example we currently have a Time/Security Domain/Title/Urgency/Status/Owner row in a dashboard.

Is it possible to create a unique value ID (i.e. XX-1234) for each notable event that is generated? I understand that there is a long event_ID that's associated with each event, but it's extremely long and makes it difficult when multiple analysts are looking at the same dashboard.

Thank you!

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee
0 Karma

creagan12
New Member

I don't think that's what I'm asking about..more specifically I'm asking about creating a unique row in a dashboard that can assign an ID for each notable event.

I appreciate the response since I didn't know that existed, but it doesn't answer my question.

0 Karma

smoir_splunk
Splunk Employee
Splunk Employee

Ahh yes, the fact that you can assign an ID is functionality that exists in 4.7.x. There isn't any way to create a unique row on the dashboard unless you clone the dashboard and modify the view directly. I don't really recommend that.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...