Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Basic question about scheduled search

jip31
Motivator
‎11-15-2019 02:37 AM

hello

In my dashboard, I use a scheduled search with a filter token because i have a dropdown list which allow me to do a filter by SITE
But I need to execute the stats command after the loadjob because I need to pick up all the 10 events (head 10) for a specific site
If I am doing the stats command directly in the savedsearch, I pick up all the 10 events (head 10) but for different sites
Is there a solution to solve the problem directly in the saved search because if I am doing the stats command afer the loadjob, its not very useful to use a scheduled search

| loadjob savedsearch="admin:SA_Monitoring_sh:Performances - Compliance host" 
| search SITE=$tok_filtersite|s$ 
| stats values(SITE) as SITE, count by host flag
| where isnotnull(flag) 
| rename host as Hostname, flag_patch_version as "Patch level", SITE as Site
| fields - count 
| table Hostname Site "Patch level" 
| sort +"Patch level" 
| head 10

thanks

Tags (1)
0 Karma
Reply

gfreitas
Builder
‎11-15-2019 04:48 AM

You can change the saved search and remove the stats command from it. Other options would include create a new saved search with the same contents from the previous one and remove the stats and a third option is to use a macro with variables. The macro would filter the site. The macro can be pretty much the same as your saved search.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...