Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to write a Query to identify Splunk notable rule triggers with change in urgency?

Manoj8888
Engager
‎04-20-2022 11:34 AM

Hello,

 

I am trying write a query to  identify if any Splunk notable rule triggers with change in Urgency (i.e. from medium to high).Cloud any one please  help me in building  the query?

Labels (1)
Labels
0 Karma
Reply

smurf
Communicator
‎04-21-2022 01:51 AM

Hi,

When any Urgency is selected when editing a Notable (even if it is the same as the original Urgency) can be found like this:

index=_audit source=notable_update_rest_handler urgency=*

 

Originally, I thought you were looking for a Notable that has a different Urgency than what you defined in Severity in the correlation search. That could be found like this:

`notable` | where severity != urgency

 

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...