Splunk Enterprise Security

Notable Event Suppression option missing in actions drilldown

capnjudge
New Member

I was given admin rights at my job recently to work suppressions, and I have the ability to go to the notable event suppressions menu and do suppressions there, but when I go to incident review and attempt to suppress from there, the option "Suppress Notable Events." is not there. Is there some sort of option I need to turn on or am I missing something entirely different?

0 Karma

scelikok
SplunkTrust
SplunkTrust

Hi @capnjudge,

You should go Configure | Incident Management | Notable Event Suppressions page;

https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Customizenotables#Create_and_manage_notable_eve...  

If this reply helps you an upvote is appreciated.
0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...