Splunk Enterprise Security

drill down on dashboard?

abdullahalhabba
Explorer

Hi my friends,

I have the following search on a dashboard for the top incident reviews. When I click on a specific rule_name, I need it to go to the Incident Review page and display only the incident review that I clicked.

| es_notable_events | search urgency!=low urgency!=informational | top rule_name by urgency | fields - percent

Please, I need your support with that.

Regards,


lakshman239
SplunkTrust

Please look at the drill-down from the 'Incident Review Audit' dashboard under the 'Audit' navigation menu.

So, you can set up a token for your rule_name and pass that back using incident_review?form.source.... Please check that. Basically, you need to pass the rule_name to form.source... https://docs.splunk.com/Documentation/Splunk/7.2.3/Viz/DrilldownLinkToDashboard
