Activity Feed
- Posted Re: Splunk ES - "Status Transitions" under "Edit Notable Event Status" is not getting updated on Splunk Search. 03-24-2016 11:51 PM
- Posted Re: ES incident_review_lookup on Splunk Search. 03-16-2016 05:06 AM
- Posted Re: ES incident_review_lookup on Splunk Search. 03-16-2016 05:01 AM
- Posted Re: ES incident_review_lookup on Splunk Search. 03-14-2016 04:03 AM
- Posted Re: ES incident_review_lookup on Splunk Search. 03-14-2016 12:26 AM
- Posted ES incident_review_lookup on Splunk Search. 03-13-2016 12:02 PM
- Tagged ES incident_review_lookup on Splunk Search. 03-13-2016 12:02 PM
- Posted Re: How to get details of Notable event on Splunk Search. 02-04-2016 08:59 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
03-24-2016
11:51 PM
Enable/Disable the statuses which you want to transition in 'Notable Event Status' page. Disable and Enable the status even if the status are already Enabled.
Click status value in the same page and select roles in Authorization field for status transitions are required, then Save it.
Hope this helps !
... View more
03-17-2016
01:22 PM
1 Karma
That "summary index" already exists - it's called _audit .
... View more
02-04-2016
08:59 PM
Hey,
Got any method to get this notable event_id?, I am also struggling to get this value.
Thanks,
... View more
