Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

savedsearch best practice

jip31
Motivator
‎10-21-2018 06:26 AM

hello

i need to monitor events on a huge number of workstations
i want to know the exact way to use saved search in order to execute the query at a planned date
is it the good way to create a planned report, to copy data in a lookup and to call the data from a Dashboard
or is it better to create a planned report and to call the report from the Dashboard with | savedserarch???
Many thanks for your help

Tags (1)
Reply

iamarkaprabha
Contributor
‎10-27-2018 08:20 AM

I would suggest you to use datamodel if possible for optimizations

Reply

adonio
Ultra Champion
‎10-21-2018 05:36 PM

what is the exact requirement? what are you searching for across 'huge number of workstations"? how long does it takes to the search to complete?
in any case, i'd recommend to schedule a report and also cap the exact time. example: run a search every night at 1:00 am, add to search: earliest=-25h-15m@m latest=-1h-15m@m this will ensure you will not miss an event and even if your search takes 75 minutes to run. also, after i ran, you can use |savedsearch or |loadjob or just add it as a panel to a dashboard.

Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...