adding a custom field to notable and update the va...

gigahex · ‎01-22-2025

Hi Team,

I am working with Splunk version 7.3.2, and I would like to add a custom field called jira_ticket to notable events. The goal is to initially populate this field during the event creation process and later update its value via the API as the ticket progresses through different stages in Jira.

Here are my key questions:

What is the best way to add a custom field like jira_ticket to notable events? Are there specific configurations or updates needed in correlation searches or incident review settings?
How can I reliably update this field through the API after it has been created? Are there any specific endpoints or parameters I need to be aware of?
Since I am using an older Splunk version (7.3.2), are there any limitations or additional considerations I should keep in mind while implementing this?

If anyone has successfully implemented a similar setup or can point me toward documentation, examples, or best practices, I’d greatly appreciate your input.

Thank you in advance!

alexeyglukhov

hey hey, I am in a similar situation, and currently exploring potential solutions, did you you end up with something working ? (thanks for any help in advance)

adding a custom field to notable and update the value via api

configuration

incident review

notable event

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?