Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
484 results
Sorted by:
a week ago
Hello everyone. I am trying to deploy ESS, but I having some trouble with the notable events. I can not see results at the Incident Review dashboard and this is because the notable event index is e...
Labels
- Labels:
-
field extraction
02-09-2017
11:22 AM
1 Karma
I am trying to assign custom tags to notable events so that they can be triaged by certain analysts, i.e., tier 1. I have a cron scheduled search created and it is set to create notable events; t...
08-27-2020
07:36 AM
...he old low severity notable events changed to High automatically. (this search is on data model so dose not have any eval urgency in search). How to avoid changing old notable event severity&n...
11-03-2017
06:04 AM
2 Karma
Hi All,
I've just got Enterprise Security configured and im now trying to reduce the amount of false alarms created. Im seeing a lot of low/medium urgency network notable events that I would c...
11-25-2020
12:30 PM
I have created a workflow action to send a Notable Event to ServiceNow to create an incident. I am unable to figure out how to resolve nested tokens. For example, if the rule title for the c...
Labels
- Labels:
-
notable event
04-18-2018
06:37 AM
...0m events per day I'm sure it's not true that there hasn't been at least 1 notable event.
where do I check to see why these events are not being generated?
08-16-2019
11:05 AM
I created a correlation search that should have produced notable events. How can I trace these notable events?
Show results in replies (5)
-
...he events get indexed to the notable index?
-
...ut why your search head is not forwarding the notable events to your indexing tier. If it doesn't s...
-
...reating a notable event using the search language by including | sendalert notable at the end of your s...
-
...orward events to your indexers? Do your indexers have a notable index created?
-
When your correlation search runs, it should produce a log also: index=_* component=SavedSplunke...
11-29-2019
04:59 AM
Hello alll
I have following question:
If it is possible to create query which will change owner,status and add note to notable events?
for example with using macro notable I have found all notable...
09-02-2020
03:55 PM
Hi Team I am looking to send an email alert once the notable event is closed, I can send an email when the notable event is created but I cannot seem to find a way to send an email when the notable...
Labels
- Labels:
-
incident review
-
notable event
11-14-2017
03:37 PM
...top sending logs from ip-10.0.0.16"
When I created correlation search, I put this in title of notable event:
Stop sending logs from $host$
Also, my search:
I have this search:
| metadata t...
