Splunk search for Last Time a Correlation Search Was Updated
Copy
| rest splunk_server=local /servicesNS/-/-/saved/searches | where match('action.correlationsearch.enabled',"1|(?i)true") | table title search updated
This search will provide a list of enabled correlation searches as well as the date they were most recently updated. To search for information on a specific search add: | search title=<name of search>
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment