Re: Search.log records related to past search

lukasmecir · ‎04-26-2021

Hi,

I have question about search.log. I know I can find log records related to particular search in search.log using Job inspector (clicking on link to search.log in bottom of Job inspector). But my question is: is there any way how to get records related to particular search in past? Example: I made some search yesterday and today I would like to get all log records related to this search from search.log file. Is there any way how to do it? Thanks in advance for any info or hint.

Best regards

Lukas

richgalloway · ‎04-26-2021

By default, ad-hoc search results expire after 10 minutes so there's no way to get the log for yesterday's searches, unless you used the Share button to extend the expiration time of the search.

---
If this reply helps you, Karma would be appreciated.

lukasmecir · ‎04-27-2021

Thanks for info, honestly I was afraid about it, but it is good to get confirmation from someone well experienced. Just for clarification - it means, that all records related to particular search are deleted from search.log file 10 minutes after search was performed (with default setting)?

Search.log records related to past search

search head

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!