Splunk® IT Service Intelligence

Administer Splunk IT Service Intelligence

Download manual as PDF

Download topic as PDF

Create correlation searches in ITSI

You can create your own correlation searches to generate notable events, throttle events, and perform other actions automatically based on a correlation in events.

Create a correlation search manually if you are an expert with SPL. You can review the included correlation searches for examples of the search methodology and available options. Test your correlation search ideas on the Search page before implementing them.

Steps:

  1. From the ITSI main menu, click Configure > Correlation Searches.
  2. Click Create New Search > Create Correlation Search.

You can also create a correlation search by cloning an existing one. In the Actions column on the correlation search lister page, click Edit > Clone.

For information on configuring correlation searches, see Configure correlation searches in ITSI.

PREVIOUS
Correlation search overview for ITSI
  NEXT
Configure correlation searches in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.1.0, 4.1.1, 4.1.2, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.4.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters