Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Notable Event Suppression option missing in actions drilldown

capnjudge
New Member
‎03-10-2021 05:23 PM

I was given admin rights at my job recently to work suppressions, and I have the ability to go to the notable event suppressions menu and do suppressions there, but when I go to incident review and attempt to suppress from there, the option "Suppress Notable Events." is not there. Is there some sort of option I need to turn on or am I missing something entirely different?

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎03-13-2021 03:12 AM

Hi @capnjudge,

You should go Configure | Incident Management | Notable Event Suppressions page;

https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Customizenotables#Create_and_manage_notable_eve...  

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...