I have a simple search alert such as (index=A src_user=userA) which uses lookup tables to filter data. I'd like these alerts to create notable events of a specific type, and automatically get assigned to someone. It appears as though the only way to customize notable event information like this is with a correlation search.
Is there a way to use a simple search, such as above, as a correlation search to be able to utilize the advanced settings for a notable event? I have created a version of this search with a data model to use it as a correlation search, but it is extremely slow compared to the simple search equivalent.
... View more