Hey everyone,
I've looked around for a little but was trying to find out if there was a way to back up and do version control with comments on saved correlation searches.
We have multiple users that have access to our content in ES and wanted to do a well-documented version control/backup of searches used in correlation search. We are currently doing this via a private git instance but wanted to explore possibilities through Splunk.
I've found some guidance using index=_internal from below but didn't get too far working with different source types within the index.
https://answers.splunk.com/answers/525792/is-there-an-audit-log-that-tracks-changes-to-conte.html
Thanks!