I've looked around for a little and but was trying to find out if there was a way to backup and do version control with comments on saved correlation searches.
We have multiple users that have access to our content in ES and wanted to do a well-documented version control/ backup of searches used in correlation search. We are currently doing this via private git instance but wanted to explore possibilities through Splunk.
I've found some guidance using index=_internal from below but didn't get too far working with different source types within the index.
... View more