Splunk® SOAR (On-premises)

Use Splunk SOAR (On-premises)

The visual editor for classic playbooks was removed from Splunk SOAR in release 6.4.0. Convert your classic playbooks to modern mode. Your classic playbooks will continue to run and you can view and edit them in the SOAR Python code editor.
For details, see:

Update or edit an event in

You can edit or set several attributes of an event, also called a container, using the /set command.

You can set or edit these attributes:

  • name
  • label
  • owner_id
  • status
  • severity
  • sensitivity

Use the following format to set an attribute: 

/set <attribute> <value>

You can use datapaths to set attributes for multiple events at a time. See Use a datapath in .

Examples

Rename a container 

/set <current name> <new name>

Set the severity of an event 

/set severity high

Set the status of an event 

/set status open
Last modified on 07 March, 2023
Add a note in   Use a datapath in

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.3.1, 6.4.0

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters