Hello,
Was wondering if this is even possible, but have parameter input in a saved search that you can fill out before loading the search. Which will pass through the parameters (reducing typing).
Or some sort of function/macro (Something similar to what Splunk or MS sentinel has).
Is something like this possible at this time?
Page 1 / 1
Hello,
You can save a search and specify input parameters for variables. See the documentation on Chronicle for this. Chronicle does provide some default saved searches too.
Hope this helps,
Mantha
@mokatsu - You might also want to check out John Stoner's recent blog post: New to Chronicle: Saved Searches
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.