Unable to set the "action.threat_activity" to "1" from the advanced edit option of the saved search

Hi Splunkers,

I just created a saved search and my agenda is to write the event to the threat_activity index.

To do this I need to set the "action.threat_activity" param to 1. But when I change the parameter to 1 and save it, it's not updating; instead it's showing as action.threat_activity=0.

Is there a workaround for this issue? The only thing I need is to write the saved search result to threat_activity.

Kindly help
