Splunk Enterprise Security

List of all notable events with associated investigations

tanmay
Engager

Hello,

I am trying to build a report where I can list all the notable events with associated investigations. The output should be a table with some selected columns from the notable event and an additional column - investigation name.

I looked at various macros which pull investigation collaborators but couldn't find anything which will pull notables for an investigation to see if it can be that way.

I hope that makes sense. I will appreciate any help.

Thanks

Regards,

Tanmay
