Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Does a search variable in filter exception within search command require special handling?

pm771
Communicator
‎07-28-2022 09:45 AM

This is my 2nd follow-up regarding this solution:  https://community.splunk.com/t5/Alerting/How-can-I-query-to-get-all-alerts-which-are-configured/m-p/...  

My question now is about the search field (that contains the actual Splunk query behind each alert).  Does this field require any special handling?

If I need to use this field for filtering purposes inside a search command, would it be different than using any other field like title.

Or can I simply use something like following:

 

|rest/servicesNS/-/-/saved/searches | search alert.track=1 AND title="prefix*" AND search="index=someindex*"

 



 

0 Karma
Reply

pm771
Communicator
‎07-28-2022 02:43 PM

@richgalloway 

I understand that. My question was specific to search field that that is a part of REST call return. 

Is REST call similar to sub-search in regards to the special meaning of search field?

Like something similar to https://community.splunk.com/t5/Splunk-Search/Subsearch-fields-quot-query-quot-quot-search-quot-How-...

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-28-2022 05:34 PM

It's just a field.  There's nothing wrong or special about 

| search search=foo
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-28-2022 11:02 AM

When you run a query without a leading | character you are running an implicit search command.  Explicit search commands are very much the same.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...