Monitoring Splunk

How do I edit the timing for a saved search in an App in ES?

SamHTexas
Builder

I need to change the timing for a few accelerated data model searches (Saved searches) for few apps in Enterprise Security. Thank u in advance.

Labels (1)
Tags (1)
0 Karma

venkatasri
SplunkTrust
SplunkTrust

If you have enough rights you should see something like below, Either Configure -> Content ->Content Management OR Configure -> Content Management 

venkatasri_1-1627351978114.png

 

 

0 Karma

venkatasri
SplunkTrust
SplunkTrust

Hi @SamHTexas 

Have you tried this approach?

Splunk ES App -> Menu Configure -> Content Management -> Filter by Type (Correlation Searches) and then find the  search you want to edit , click on Name you will present with Edit options window and change the schedule then save.

---

An upvote would be appreciated if this reply helps!

SamHTexas
Builder

What is before Splunk ES App -> Menu Configure -> Content Management -> Filter by Type (Correlation Searches) . I don't find Apps-Menu Configure.... Please advise. Thank u

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...