×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
E83129
Engager
Member since: ‎01-10-2019
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 2
Member Since ‎01-10-2019
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Rename the existing Correlation search?

by in Splunk Search
‎01-10-2019 06:20 PM
2 Karma
‎01-10-2019 06:20 PM
2 Karma
The above poster's answer does not work on the latest Enterprise Security version. You must visit the following file YOUR_SPLUNK_DIRECTORY/etc/apps/SplunkEnterpriseSecuritySuite/local/savedsearches.conf Then modify two lines. I copied and pasted my config below with the parts that need to be modified in bold. [Threat - User Failed to Login More Than 100 Times - Rule] action.correlationsearch.enabled = 1 action.correlationsearch.label = User Failed to Login More Than 100 Times Restart your Splunk instance after by running the following sudo YOUR_SPLUNK_DIRECTORY/bin/splunk restart ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All