Splunk Enterprise Security
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Enterprise Security: How to set up alerts when a notable event with urgency High & Critical arises in the Incident review?

kiran331
Builder
‎07-19-2016 07:30 AM

Hi

How to set up alerts when a notable event with urgency High & Critical arises in the Incident review with event details?

Reply
1 Solution
Solved! Jump to solution
Solution

mwhittaker126
Engager
‎11-17-2016 08:08 AM

This is what i used. Hopefully this can help you out.

`notable` | where urgency="high" OR urgency="critical" | table _time source src dest user | eval computer=coalesce(src,dest)

View solution in original post

Reply
Solved! Jump to solution
Solution

mwhittaker126
Engager
‎11-17-2016 08:08 AM

This is what i used. Hopefully this can help you out.

`notable` | where urgency="high" OR urgency="critical" | table _time source src dest user | eval computer=coalesce(src,dest)
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top