Splunk® Enterprise Security

Use Splunk Enterprise Security

This documentation does not apply to the most recent version of ES.

Investigation Bar

When you view dashboards within Enterprise Security, an Investigation Bar is visible at the bottom.

  • Load an existing investigation timeline by clicking All Investigations and selecting a timeline.
  • Create a new timeline by clicking Create a New Investigation. Change the name to something descriptive.

After a timeline is loaded in the investigation bar, you can edit the name, view the timeline, or add a note or item from your action history.

  • Change the investigation name by clicking Edit Investigation Name.
  • View the timeline, or close it after you open it, by clicking Toggle Timeline.
  • Add a note by clicking Notes.
  • Add an item from your action history by clicking Action History.

The Investigation bar is hidden on the Search dashboard, but you can add events using event workflow actions. See Add a notable or Splunk event in this manual.

Last modified on 26 October, 2015

This documentation applies to the following versions of Splunk® Enterprise Security: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6
