Alerting

how to use saved search in the middle of query

abhishekdubey00
Engager

alt text

see the below image , how to save the highlighted section of the search in a saved search.. So that I can reuse that

Tags (1)
0 Karma

whrg
Motivator

I can see a lot of field extractions and evals in the highlighted section.
I think it might be best if you create field extractions and calculated fields via Settings / Fields. Then the fields will be automatically created for every search.

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@abhishekdubey006

if you want to reuse search portions in mutliple searches then use macros.

http://docs.splunk.com/Documentation/Splunk/7.2.1/admin/macrosconf

abhishekdubey00
Engager

I don't have access of admin user so how to use through UI

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust
0 Karma

abhishekdubey00
Engager

macro will not work in the middle of the query

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...