Hello all,
I'm using a Correlation Search to create a Log Event as below:
hxxps://docs.splunk.com/Documentation/Splunk/7.2.6/Alert/LogEvents
Whilst it works, I can't figure out how to get more information into the "Event text" other than free text. I would like to include some data from the original correlation search.
The idea is that it would trigger on a port scanning correlation, for example, and create "Port scan from x.x.x.x". Then there would be another search that picks up that event and correlates it with vuln scanning, etc.