Hi Splunkers,
I just created a saved search and my agenda is to write the event to threat_activity index.
To do this i need to enable "action.threat_activity" param to 1. But when i change the parameter to 1 and save it its not updating instead its showing as action.threat_activity=0.
Is there a work around on this issue. The only thing i need is to write the saved search result to threat_activity.
Kindly help