Create and manage saved searches in Splunk Enterprise Security
Create a saved search, also called a scheduled report, in Splunk Enterprise Security.
- From the Enterprise Security menu bar, select Security content then Content management.
- Select Create New Content and select Saved Search.
- Create a saved search, also called a scheduled report, following the instructions in the Splunk platform documentation.
- For Splunk Enterprise, see Create a new report in the Splunk Enterprise Reporting Manual.
- For Splunk Cloud Platform, see Create a new report in the Splunk Cloud Platform Reporting Manual.
- Modify the permissions of the report to share it with Enterprise Security so that you can view and manage the search in Enterprise Security, following the instructions in the Splunk platform documentation.
- For Splunk Enterprise, see Set report permissions in the Splunk Enterprise Reporting Manual.
- For Splunk Cloud Platform, see Set report permissions in the Splunk Cloud Platform Reporting Manual.
Create and manage key indicator searches in Splunk Enterprise Security | Create and manage search-driven lookups in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1
Feedback submitted, thanks!