Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Enterprise Security: How do I Reassign a Splunk ES Correlation Search to a New User?

bradp1234
Path Finder
‎11-22-2016 04:04 PM

We have a Splunk ES user who has left and now their correlation searches are orphaned. I am aware of the feature to clone a saved search, but wasn't sure if Splunk ES needed additional steps to ensure the notable and other ES data would be retained with the clone. I tried to clone the correlation search, but this only created a new saved search and not a true correlation search with notable information.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bradp1234
Path Finder
‎11-23-2016 02:52 PM

By editing the local.meta file in the various Splunk ES apps (e.g. SA-AuditAndDataProtection) at /opt/splunk/etc/apps/app-name/metadata/local.meta and replacing the disabled owner with the username of an active user, the orphaned searches notification was resolved.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

bradp1234
Path Finder
‎11-23-2016 02:52 PM

By editing the local.meta file in the various Splunk ES apps (e.g. SA-AuditAndDataProtection) at /opt/splunk/etc/apps/app-name/metadata/local.meta and replacing the disabled owner with the username of an active user, the orphaned searches notification was resolved.

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...