Splunk® IT Service Intelligence

Administration Manual

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of ITSI. Click here for the latest version.
Acrobat logo Download topic as PDF

Create correlation searches in ITSI

You can create your own correlation searches to generate notable events, throttle events, and perform other actions automatically based on a correlation in events.

Create a correlation search manually if you are an expert with SPL. You can review the included correlation searches for examples of the search methodology and available options. Test your correlation search ideas on the Search page before implementing them.

Steps:

  1. From the ITSI main menu, click Configure > Correlation Searches.
  2. Click Create New Search > Create Correlation Search.

You can also create a correlation search by cloning an existing one. In the Actions column on the correlation search lister page, click Edit > Clone.

For information on configuring correlation searches, see Configure correlation searches in ITSI.

Last modified on 03 March, 2020
PREVIOUS
Correlation search overview for ITSI
  NEXT
Configure correlation searches in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.1.0, 4.1.1, 4.1.2, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters