Which step is NOT part of creating a correlation search?

Answering this question requires knowing which steps make up the process of creating a correlation search in Splunk.

Creating a correlation search involves using guided mode, where users systematically define the parameters and actions for the search. This includes selecting response actions, such as alerts or automated responses, that are triggered when the search finds data matching specific criteria. Scheduling the search is another integral step, as it determines how frequently the correlation search runs and evaluates the data for relevant events.

Reviewing prior searches, while potentially useful for understanding historical queries and refining new searches, is not a formal step in the correlation search creation process itself. It is an auxiliary activity that informs search creation rather than a mandatory part of the process. The steps that matter for establishing a correlation search are creating the search, setting up adaptive responses, and scheduling it.
