I have this correction search we use to help detect common potential web attacks in IIS logs. The problem is that while the correlation is enabled, it does not fire off when a matching result is found. When we run the same search in a Search window for the same time frame, results are found that the correlation search missed. I cannot figure out why the Correlation Search does not fire.
This is the configuration of the correlation search we are running: