I'm not able to generate episode with or without smart mode.
I see entries in index="itsi_tracked_alerts"
Every minutes i see in internal logs:
index=_internal itsi_event_grouping
02-10-2020 00:38:30.664 +0100 INFO StreamedSearch - Streamed search search starting: search_id=remote_server01_rt_1581291503.609, server=server01, active_searches=3, search='rtlitsearch (index=_internal itsi_event_grouping) | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server"', remote_ttl=600, apiStartTime='MIN_TIME', apiEndTime='MIN_TIME', savedsearch_name=""
How can i check in different way that itsi_event_grouping saved search is running?
... View more