Create correlation searches in ITSI
You can create your own correlation searches to generate notable events, throttle events, and perform other actions automatically based on a correlation in events.
Create a correlation search manually if you are an expert with SPL. You can review the included correlation searches for examples of the search methodology and available options. Test your correlation search ideas on the Search page before implementing them.
- From the ITSI main menu, click Configure > Correlation Searches.
- Click Create New Search > Create Correlation Search.
You can also create a correlation search by cloning an existing one. In the Actions column on the correlation search lister page, click Edit > Clone.
For information on configuring correlation searches, see Configure correlation searches in ITSI.
Correlation search overview for ITSI
Configure correlation searches in ITSI
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.1.0, 4.1.1, 4.1.2, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5