Splunk Enterprise Security

Notable Event Suppression option missing in actions drilldown

capnjudge
New Member

I was given admin rights at my job recently to work suppressions, and I have the ability to go to the notable event suppressions menu and do suppressions there, but when I go to incident review and attempt to suppress from there, the option "Suppress Notable Events." is not there. Is there some sort of option I need to turn on or am I missing something entirely different?

0 Karma

scelikok
SplunkTrust
SplunkTrust

Hi @capnjudge,

You should go Configure | Incident Management | Notable Event Suppressions page;

https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Customizenotables#Create_and_manage_notable_eve...  

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...