@Nraj87 Please follow this: https://docs.splunk.com/Documentation/ES/7.3.3/User/Howurgencyisassigned#Modify_the_urgency_lookup_d...

Modify the urgency lookup directly

You can change which severity and priority values result in which calculated urgency values for notable events in Splunk Enterprise Security.

Only specific values are valid for severity or priority values. Use only those values when modifying the lookup. Do not modify the names of the notable event urgency values.

• Valid severity values: unknown, informational, low, medium, high, critical.
• Valid priority values: unknown, low, medium, high, critical.
• Valid urgency values: informational, low, medium, high, critical.

1. On the Enterprise Security menu bar, select Configure > Content > Content Management.
2. Choose the Urgency Levels lookup. An editable, color coded table representing the urgency lookup file displays.
3. In any row where the priority or severity is listed as unknown, review the assigned urgency.
4. (Optional) Edit the table and change the urgency to another one of the accepted values. All urgency values must be lower case.
5. Click Save.
   
   
   
   
   

If this Helps, Please Upvote!