Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SPLUNK ES Notable Event Closure

thambisetty
SplunkTrust
SplunkTrust
‎05-12-2020 09:52 AM

When closing a notable event in SPLUNK Enterprise Security, there are typically the following fields available

  • Status
  • Change urgency
  • Owner
  • Description Summary/Notes

Is there a way to add a new field with a custom drop down into the closure of the notable event. For example (using the example above), I would create a new field called Category with a drop down list to select the type of category.

  • Status
  • Change urgency
  • Owner
  • Category
  • Description Summary/Notes
————————————
If this helps, give a like below.
Labels (1)
Labels
Preview file
1 KB
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-20-2020 02:49 AM

answers are not related to question. I think this is the problem after migration from answers.splunk.com to community.splunk.com 

————————————
If this helps, give a like below.
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-12-2020 11:25 AM

Your upgrade path will not be direct. You will need to upgrade ES to version 5 before installing ES 6. See https://docs.splunk.com/Documentation/Splunk/8.0.3/Installation/HowtoupgradeSplunk#Upgrade_paths_to_... for the path to upgrade ES.

Be sure to run the Splunk Platform Readiness app (https://splunkbase.splunk.com/app/4698/) before installing Splunk 8 to make sure all of your Python scripts will be compatible.

---
If this reply helps you, Karma would be appreciated.
Reply

thambisetty
SplunkTrust
SplunkTrust
‎05-12-2020 12:04 PM

Thanks @richgalloway for quick response.

Yes I understand my upgrade path is not direct.

The problem is first if I upgrade Splunk ES to 5.x it doesn’t support Current version of Enterprise or

First If I upgrade Splunk Enterprise to lets say 7.3.3 Then ES current version doesn’t support.

I am now confused what to upgrade first.

————————————
If this helps, give a like below.
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-12-2020 12:18 PM

ES can run on an unsupported version of Splunk for a short time. "Short" means "until we upgrade again later today".

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...