Solved: Why can I not select a Security Domain in Notable ...

danharvey · ‎06-24-2019

Hi All,
I'm having some troubles setting up a response action for my correlation search.
Here are the steps I have taken:
ES > Content Management > New correlation search > Filled in my search parameters > Add a new response action > Select "Notable" action

I can fill in Title, Description no worries but when I get to Security Domain, Severity, Default Owner, and Default Status, all of those four options have neither a text box or drop down field. I have tried using Chrome and Edge thinking this could be a browser bug, and although the content management UI for splunk can definitely be considered unfinished, It still isn't working.
Also, even if I fill out the "Notable" action details and hit save, my correlation search is saved but the response action is not, and it disappears.

alt text

Thanks all

danharvey · ‎07-10-2019

Managed to answer my own question, had to set it up on the search head for the additional fields to be visible and editable.

View solution in original post

danharvey · ‎07-10-2019

Managed to answer my own question, had to set it up on the search head for the additional fields to be visible and editable.

wtomiyam · ‎02-15-2022

@danharvey

I have the same problem.
What kind of settings on the search head did you solve?

Why can I not select a Security Domain in Notable Response Action?

Mastering Data Pipelines: Unlocking Value with Splunk

The Latest Cisco Integrations With Splunk Platform!

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk