Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise Security: Is there a way to get detailed reporting of Investigations?

jongui
New Member
‎12-18-2018 11:57 AM

We use the Investigations as part of our case management process. With that said, is there any way to get data on investigations? We would like to get data such as but not limited to:

  • Count of Investigations by created by
  • Count of Investigations by status
  • Timechart of Investigations

Notable events are easily found in the notable index but we are unable to find the data on investigations to provide us the metrics.

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...