This documentation does not apply to the most recent version of Splunk® App for PCI Compliance.
For documentation on the most recent version, go to the latest release.
Start an investigation in
You can start an investigation in several ways in .
- Start an investigation from Incident Review while triaging notable events. See Add a notable event to an investigation.
- Start an investigation with an event workflow action. See Add a Splunk event to an investigation.
- Start an investigation from the Investigations dashboard.
- Start an investigation when viewing a dashboard using the investigation bar.
By default, users with the pci_admin and pci_analyst roles can start an investigation.
Start an investigation from the Investigations dashboard
Start an investigation from the Investigations dashboard.
- Click Create New Investigation.
- Type a title.
- (Optional) Type a description.
- Click Save.
Start an investigation from the investigation bar
When viewing dashboards in , you can see an investigation bar at the bottom of the page. You can use the investigation bar to track your investigation progress from any page in .
- Click the
icon to create an investigation. - Type a title.
- (Optional) Type a description.
- Click Save.
The investigation is loaded in the investigation bar.
Last modified on 10 July, 2017
| Investigations in | Add details to an investigation in |
This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.1.3, 3.4.0, 3.4.1, 3.4.2
Download manual
Feedback submitted, thanks!