Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Correlation Search use Adaptive Response Actions 5mins stop

wlight600
Engager
‎04-10-2020 05:03 AM

when I create a Correlation Search ,this Correlation Search will trige Adaptive Response Actions. But search result is very large,so action will run for a long time. But when action run after 5min,this action stop. I don't know why action stop but search result didn't process completely. How to make the 5min disappear.

Labels (2)
0 Karma
Reply

lakshman239
SplunkTrust
SplunkTrust
‎05-06-2020 02:35 AM

Rather than trying to increase Adaptive Response (AR) timeout, I would try to simplify your correlation search and the other searches required to feed inputs to AR, so they complete quickly. E.g you may pre-process known data/searches, to be used in correlation and/or AR invocations.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...