Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk ES Additional Fields

username2383
New Member
‎09-14-2021 10:34 PM

When you get an incident in splunk-ES, the notable is often populated with 'additional fields'. some of these custom, some out of the box. Im looking to see what fields would be displayed for a notable from either searching the notable macro or the api if need be. searching the notable macro, I often i get 100+ fields for a notable, but maybe only 15 are displayed in the notable itself, where some other notable may only have 5 displayed. Is there a way to do a search that indicates wich fields would be displayed in the 'additional fields' of the notable?

for reference the additional fields im talking about are mentioned here under 'Add a field to the notable event details': https://docs.splunk.com/Documentation/ES/6.6.0/Admin/Customizenotables

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
Top