Add a new queue

Add a new team-based queue to organize findings and investigations into a focused workspace that reflects a certain team's responsibilities. Only admins can add a new queue.
  1. In Splunk Enterprise Security, select Configure and then Findings and investigations.
  2. Select Team queues.
  3. Select + Team-based queue.
  4. Enter a name for the queue. The name of each queue must be unique.
  5. (Optional) Enter a description for the queue.
  6. (Optional) In the Settings section of the dialog box, select the checkbox to allow analysts to move items to other queues.
    Checking this option grants analysts permission to move findings and investigations from one team queue to another. You can edit this setting at any time.
  7. Select Save.
Assign visibility to a queue