×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
sgote
New Member
Member since: ‎05-08-2024
‎03-13-2025
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-08-2024
View All

Re: Issue with Ingesting Splunk Notable Events int...

by in Splunk SOAR
‎03-19-2025 01:57 PM
‎03-19-2025 01:57 PM
My organization ran into a similar issue when we were initially deploying SOAR - we think it was due to our notable events having too many characters and then the entire message getting truncated. We ended up creating "One Notable to Rule them All" - just a notable that looks for other notables - it also removes fields we don't care about, ignores all suppressed events, and a few other pieces that make sense for our environment. We then also set the alert actions on this notable itself. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-13-2025 01:05 AM