Hi All, I'm having some troubles setting up a response action for my correlation search. Here are the steps I have taken: ES > Content Management > New correlation search > Filled in my search parameters > Add a new response action > Select "Notable" action
I can fill in Title, Description no worries but when I get to Security Domain, Severity, Default Owner, and Default Status, all of those four options have neither a text box or drop down field. I have tried using Chrome and Edge thinking this could be a browser bug, and although the content management UI for splunk can definitely be considered unfinished, It still isn't working. Also, even if I fill out the "Notable" action details and hit save, my correlation search is saved but the response action is not, and it disappears.
Thanks all
... View more