We're migrating from slack to teams and I'm trying to find an efficient way to identify all our saved searches that use the slack connections. I can see thoses saved searches that have been triggered with the below query, but is there a way to find all (i.e. not triggered), otherwise it'll be manual task to check every saved search:
(_index=sumologic_audit and _sourceName=SCHEDULED_SEARCH) //("Scheduled search alert triggered")
| parse "[Destination=*]" as Destination
| parse "[Name=*]" as SavedSearchName
| parse "[AlertType=*]" as AlertType nodrop
Please sign in to leave a comment.