Investigation Bar
When viewing dashboards within Enterprise Security, an Investigation Bar is visible at the bottom.
- Load an existing investigation timeline by clicking All Investigations and selecting a timeline.
- Create a new timeline by clicking Create a New Investigation. Change the name to something descriptive.
After a timeline is loaded in the investigation bar, you can edit the name, view the timeline, or add a note or item from your action history.
- Change the investigation name by clicking Edit Investigation Name.
- View the timeline, or close it after you open it, by clicking Toggle Timeline.
- Add a note by clicking Notes.
- Add an item from your action history by clicking Action History.
The Investigation bar is hidden on the Search dashboard, but you can add events using event workflow actions. See Add a notable or Splunk event in this manual.
My Investigations | Asset and Identity dashboards |
This documentation applies to the following versions of Splunk® Enterprise Security: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6
Feedback submitted, thanks!