×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ishanmeena
Observer
Member since: ‎08-06-2023
‎08-13-2023
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-06-2023
View All

Re: Run selected correlation searches in a time-fr...

by in Splunk Search
‎08-12-2023 11:08 PM
‎08-12-2023 11:08 PM
Yee, exactly.  So, we've a SOC with multiple use-cases. Sometimes the pipeline between the ticketing tool and Splunk goes down or sometimes Splunk itself goes down. So, we need to run the correlation searches in that time-frame manually to check for any alerts. What we're trying to do is create a query / dashboard to do that for you. As of now, I could only find the below query but it goes irregular results or sometimes doesn't work at all. | makeresults | eval search=[| rest splunk_server=local /servicesNS/-/-/saved/searches | where title="SomeAlert" | fields qualifiedSearch | rename qualifiedSearch as query | format "" "" "" "" "" ""] | map search="| makeresults | map search="$search$ ... View more

How to run selected correlation searches in a time...

by in Splunk Search
‎08-06-2023 06:48 AM
‎08-06-2023 06:48 AM
Is there a way we can run selected correlation searches in a certain time-frame at once or in queue? Use Case: In case something happens to the SIEM / Pipeline and the searches are not performed and SOC doesn't get alerts. We can use the query to run the selected correlation searches in the selected time-frame via ES Search app. Is that possible?  Also, if it is. Can we create a dashboard out of it for ease of use. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-13-2023 02:28 AM