Edit Notable Events
Edit all notable events that match one or more ruleUIDs or notable events that match a search.
External Documentation
To learn more, visit the Splunk documentation.
Basic Parameters
| Parameter | Description |
|---|---|
| Comment | A comment for the change of the notable events. |
| Event Filter Type | The type of notable event selection. |
| Rule UIDs | A list of IDs of notable events. |
| Search ID | An ID of a search. |
| Status | The new status ID of the notable events. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Disposition | The new disposition ID of the notable events. |
| New Owner | The new owner of the notable events. |
| Urgency | The new urgency of the notable events. |
Example Output
{
"message": "1 event updated successfully",
"failure_count": 0,
"success": true,
"details": {},
"success_count": 1
}
Workflow Library Example
Edit Notable Events with Splunk and Send Results Via Email
Preview this Workflow on desktop