How do I edit the timing for a saved search in an App in ES?

SamHTexas
Builder

I need to change the timing for a few accelerated data model searches (saved searches) for a few apps in Enterprise Security. Thank you in advance.


venkatasri
SplunkTrust

If you have enough rights, you should see something like the below: either Configure -> Content -> Content Management or Configure -> Content Management.

venkatasri_1-1627351978114.png

venkatasri
SplunkTrust

Hi @SamHTexas 

Have you tried this approach?

Splunk ES App -> Menu Configure -> Content Management -> Filter by Type (Correlation Searches), then find the search you want to edit and click on its Name. You will be presented with an Edit options window; change the schedule, then save.

---

An upvote would be appreciated if this reply helps!

SamHTexas
Builder

What is before Splunk ES App -> Menu Configure -> Content Management -> Filter by Type (Correlation Searches)? I don't find Apps-Menu Configure... Please advise. Thank you.
