Splunk Enterprise Security

Time taken to Resolve Incident

amitpanjawani
Explorer

I need to calculate average time take to resolve different incidents in splunk. If anybody have query for same??

0 Karma
1 Solution

amitpanjawani
Explorer

In the end, I have created a solution for it myself. https://splunkbase.splunk.com/app/4591/

View solution in original post

0 Karma

amitpanjawani
Explorer

In the end, I have created a solution for it myself. https://splunkbase.splunk.com/app/4591/

0 Karma

prashant_shriva
New Member

I have the same requirement.
I need to calculate the average time for all the notables to get resolved over a 30 day period.
Can anyone help me with the splunk query regarding same?

Regards
Prashant

0 Karma

chskm
Path Finder

Amit,

I couldn't get the question properly. Could you please explain in precise.

Saikrishna

0 Karma

amitpanjawani
Explorer

We have different notable search and have alerts to trigger for same. I need to have query which shows when incident status changes to "in progress" and when to "resolve" and average ( consider for monthly ) time taken to resolve it.

0 Karma
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...