Splunk Enterprise Security

Edit name of notable event

test_qweqwe
Builder

I have this search:
| metadata type=hosts
| lookup critical_systems Host_name as host OUTPUT Host_name as host
| search host=*
| eval last60=relative_time(now(),"-60m@m")
| convert ctime(lastTime) as LastTimeLogged
| where lastTime < last60
| table host, LastTimeLogged
| sort -LastTimeLogged

The name of my notable event:
Stop sending logs from $host$

And results in "Incident Review":
http://prntscr.com/haawz1 I want the name I marked in red to be in the main name of my notable event.

And in your opinion, which fields would be good to add to this notable event?

0 Karma

gcusello
SplunkTrust

Hi test_qweqwe,
to change font color you have to customize CSS.
In Splunk 7.x Dashboard Examples App ( https://splunkbase.splunk.com/app/1603/ ) , you can find some examples to highlight or color a cell event.

Bye.
Giuseppe

0 Karma

test_qweqwe
Builder

I didn't say it correctly; I need something else.

Okay, in the notable event we have "Additional Fields" -> "Host", which has the name server_host1.local, and I want this name in the Title of the notable event.

I need "Stop sending logs from server_host1.local", not "Stop sending logs from ip-10.0.0.16"

0 Karma

gcusello
SplunkTrust

Let me understand: when you speak of Notable Events are you speaking of Enterprise Security or Splunk Enterprise?
If Enterprise Security, sorry but I cannot help you.
If Splunk Enterprise, the question is: where is host field with the real hostname?
I see in your search three host fields: host, host1 and Host_name, identify which is the field with the real hostname and use it.

Bye.
Giuseppe

0 Karma
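One way to apply the suggestion above to the original search (added example, not from the thread): keep the lookup result in its own field instead of overwriting host, since the value shown in the title (ip-10.0.0.16) is likely the host field being filled with the machine that ran the correlation search rather than the monitored system. The field name real_host and the coalesce fallback are assumptions; the correlation search and notable title would then read:

```spl
| metadata type=hosts
| lookup critical_systems Host_name AS host OUTPUT Host_name AS real_host
| eval real_host=coalesce(real_host, host)
| eval last60=relative_time(now(), "-60m@m")
| where lastTime < last60
| convert ctime(lastTime) AS LastTimeLogged
| table host, real_host, LastTimeLogged
| sort -LastTimeLogged
```

With the notable event title set to `Stop sending logs from $real_host$`, the title substitutes the hostname from the lookup (server_host1.local) and falls back to the raw host value when the lookup has no match.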

test_qweqwe
Builder

It's Enterprise Security 😞

0 Karma

gcusello
SplunkTrust

Sorry!
I had this doubt, but it isn't in the question tags.
Good luck!
Bye.
Giuseppe

0 Karma