Start an investigation in
You can start an investigation in several ways in .
- Start an investigation from Incident Review while triaging notable events. See Add a notable event to an investigation.
- Start an investigation with an event workflow action. See Add a Splunk event to an investigation.
- Start an investigation from the Investigations dashboard.
- Start an investigation when viewing a dashboard using the investigation bar.
By default, users with the pci_admin and pci_analyst roles can start an investigation.
Start an investigation from the Investigations dashboard
Start an investigation from the Investigations dashboard.
- Click Create New Investigation.
- Type a title.
- (Optional) Type a description.
- Click Save.
Start an investigation from the investigation bar
When viewing dashboards in , you can see an investigation bar at the bottom of the page. You can use the investigation bar to track your investigation progress from any page in .
The investigation is loaded in the investigation bar.
Add details to an investigation in
This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.1.3, 3.4.0, 3.4.1, 3.4.2