I'm having an issue where I am unable to create new correlation searches. I get the following error: There was an error saving the correlation search: In handler 'savedsearch': Data could not be written: /nobody/SplunkEnterpriseSecuritySuite/savedsearches/Threat
Also, the existing searches are not running nor showing up in ES.
