Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Do Reports contain results of past searches or are they only a reference to a saved search query?

koocies
Path Finder
‎09-25-2020 12:20 PM

I'm new to Splunk and I find Splunk reports confusing.

In other SIEMS a report is the results of a previously ran query. However, it seems to be that reports are saved search queries without results of previous runs. So, when I click a report name it seems to be rerunning the query and now showing results of a previous run.

Are my assumptions & understand of reports correct?

Labels (1)
Labels
Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-25-2020 12:42 PM

It's most common for a report to run a query and display the results.  It is possible, however, to create a report that displays the results of a previously-run saved search.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...