Splunk® Enterprise Security

Installation and Upgrade Manual

This documentation does not apply to the most recent version of ES.

Configure log review settings

Log review settings control how analysts edit the status of notable events. Go to Configure > Log Review Settings to set whether analysts can override the calculated urgency and whether a comment is required when a status change is made.

  • Allow Overriding of Urgency: This is on by default and allows analysts to override the calculated urgency of a notable event. If it is disabled, analysts cannot change the calculated urgency.
  • Comment Required: If this is enabled, analysts must enter a comment when changing a status, and the length of the required comment can be specified.

Click Save when configuration is complete.

Last modified on 29 January, 2013

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1
