Edit all notable events that match one or more ruleUIDs or notable events that match a search.
External DocumentationTo learn more, visit the Splunk documentation.

Basic Parameters

ParameterDescription
CommentA comment for the change of the notable events.
Event Filter TypeThe type of notable event selection.
Rule UIDsA list of IDs of notable events.
Search IDAn ID of a search.
StatusThe new status ID of the notable events.

Advanced Parameters

ParameterDescription
DispositionThe new disposition ID of the notable events.
New OwnerThe new owner of the notable events.
UrgencyThe new urgency of the notable events.

Example Output

{
	"message": "1 event updated successfully",
	"failure_count": 0,
	"success": true,
	"details": {},
	"success_count": 1
}

Workflow Library Example

Edit Notable Events with Splunk and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop