We have recently installed ES for Splunk and have over 150K+ incidents that I want to close that were opened prior to tuning the correlation searches. Does anyone know of an 'easy' way to do this besides editing them through the Incident Review page?