Hi @Srini_551, as @marnall said, Splunk isn't a tool for updating data because it doesn't use a database table, but you could use one of these workarounds to solve your needs:

1) schedule a search that updates your lookup with the new alerts and access the lookup using the Splunk Lookup Editor App.

2) create a dashboard in which you have two panels: one with all the alerts, so you can choose the alert to modify, then in the second panel, you display the selected row and, using a text input, you can update the row; at the end you can save the row in the lookup. This solution runs only if you are using a kvstore that records a key for each row.

First solution is easier to implement, but you must use the Splunk Lookup Editor App as interface.

Ciao.

Giuseppe