Splunk search for Active correlation searches in Enterprise Security
Copy
| rest splunk_server=local /services/saved/searches | where match('action.correlationsearch.enabled', "1|[Tt]|[Tt][Rr][Uu][Ee]") and match('is_scheduled',"1") and match('disabled',"0") | table title search
This Splunk search will provide a list of all currently active and scheduled correlation searches in Enterprise Security.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment