Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
225 results
Sort by:
05-30-2024
07:39 AM
Is there a way to run a search for all correlation searches and see their response actions? I want to see what correlation searches create notable events and which ones do not. For e...
03-25-2022
11:25 AM
I'm really overthinking this, but am lost.
I need to show when new correlation searches are introduced into the environment. I have a lookup with the current correlation searches, along w/ r...
Labels
- Labels:
-
audit
09-14-2022
07:30 AM
...omething5
That would mean that whenever a new source type is onboarded I would have to manually add it to all the correlation searches that I created or that are by default in Splunk Enterprise Security c...
Labels
- Labels:
-
sourcetype
12-01-2016
08:24 AM
...ecurity correlation search and create a notable event for every src that is above medium values.
Anyone got any experience with this?
01-09-2024
10:02 PM
Hi I have to create correlation searches in Splunk ES My cron schedule will be */60**** Is it better to use a real-time schedule or a continuous schedule? Is it necessary to fill the time r...
- Tags:
- other
02-04-2015
11:14 AM
Hello All,
I am very new to Splunk.
Can someone help me with this use case please:
I have to create a search which should take an IP coming from a data source A and take that IP go to a file g...
- Tags:
- correlation
- search
07-02-2024
04:29 AM
Hi, I have a correlation search created in Enterprise security. Scheduled as below. Mode: guided Time range> Earliest: -24h, Latest: Now, Cron: 0 03 * * *, scheduling: realtime, schedule w...
Labels
- Labels:
-
alert action
-
email
01-02-2020
10:06 AM
Hi ,
How to create custom correlation search is ES app. For eg: Traffic to suspicious country
05-27-2015
05:20 PM
1 Karma
...ours I get results, however no notable events are created. Does the correlation search syntax need to be in a certain format to generate the notable event?
