Splunk SOAR

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS About This Site Community Support Supported Add-ons

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS About This Site Community Support Supported Add-ons

Documentation

Splunk SOAR

Splunk SOAR Contents

SOAR (Cloud)

SOAR (On-premises)

Use Splunk SOAR (On-premises)

Splunk App for SOAR

Splunk App for SOAR Export

Splunk Automation Broker

Update or edit an event in Splunk SOAR (On-premises)

You can edit or set several attributes of an event, also called a container, using the /set command.

You can set or edit these attributes:

name
label
owner_id
status
severity
sensitivity

Use the following format to set an attribute:

/set <attribute> <value>

You can use datapaths to set attributes for multiple events at a time. See Use a datapath in Splunk SOAR (On-premises).

Examples

Rename a container

/set <current name> <new name>

Set the severity of an event

/set severity high

Set the status of an event

/set status open

Product Guides

Splunk SOAR (On-premises)

Last updated: May 12, 2025

Explore Topics

Splunk Observability Cloud

Splunk IT Service Intelligence

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

AppDynamics SaaS

About This Site

Community Support

Supported Add-ons

©2005-2025 Splunk Inc. All rights reserved.