Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Can someone help me on basic questions about search refresh?

jip31
Motivator
‎05-04-2022 12:22 AM

Hi

 

I use a search refresh like this

 

          <earliest>-15m</earliest>
          <latest>now</latest>
          <refresh>30s</refresh>
          <refreshType>delay</refreshType>

 

 I have 2 questions :

1) Is the refresh delay starts from the search saving? 

2) Is it possible to synchronize th search delay between 2 searches because actually I use the same refresh delay between 2 searches but the refresh doesn't occurs in the same time

Thanks

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎05-04-2022 01:21 AM

If the two searches are based on the same search, but with different outputs, then you can make a base search used by both searches and apply the refresh setting to the base search, which will then cause both post processing searches to execute at the same point.

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎05-04-2022 01:21 AM

If the two searches are based on the same search, but with different outputs, then you can make a base search used by both searches and apply the refresh setting to the base search, which will then cause both post processing searches to execute at the same point.

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-04-2022 12:26 AM

Hi @jip31,

search delay is a cron definition, so it's fixes every 30 seconds (in your case), it isn't influenced by the search duration.

It isn't possible to synchronize the refreshes of two searches, you have to measure the average duration of each search and choose the delays.

Ciao.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...