Splunk Enterprise Security

Unable to Save Scheduled Search in Custom Content in Splunk Security Essentials

p4u
New Member

Hello community,

I'm encountering an issue while working with custom content in Splunk Security Essentials. I have created custom content with this search:

index=windows sourcetype=WinEventLog
| stats count(eval(action="success")) as successes count(eval(action="failure")) as failures by src
| where successes>0 AND failures>100

However, when I navigate to the content under "Content -> Security Content" and attempt to save this as a scheduled search, the option "Save Scheduled Search" is not available. I noticed that in the pre-existing content, such as "Basic Brute Force," this option is present.

Could you please advise on why this option might not be appearing for my custom content? Are there any additional steps or configurations required to enable this feature for custom content?

Thank you for your assistance!

Best regards

 
