Archive

Load Saved Results via CLI

Path Finder

Does anyone know how to load saved results from a previous search via CLI command? The documentation suggests that we can run saved search via CLI command, but there is no mention of loading saved results from a previous search via CLI.

The reason I asked is that we often run search over a large set of data that will take a long time to run (over a few hours), after the search, we would like to save the search result and export the large result set over CLI commands later. Currently the UI limits the export to 10,000 rows.

Thanks!

Tags (1)
1 Solution

Motivator

Take a look at the loadjob command. You can load the results set of a previously executed job if you know either the job's ID or the name of the saved search run. This should work just fine from the CLI.

View solution in original post

Motivator

Take a look at the loadjob command. You can load the results set of a previously executed job if you know either the job's ID or the name of the saved search run. This should work just fine from the CLI.

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!