Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I capture and verify the response (exit status) of this CLI savedsearch in the shell script?

yelkey
Explorer
‎09-18-2015 12:11 PM

Hi,

This is a follow up question for the same requirement in this question: https://answers.splunk.com/answers/308933/is-it-not-possible-to-run-splunk-cli-savedsearch-w-1.html
I have a requirement where I am invoking a Splunk saved search from a shell script splunk search '|savedsearch "Myreport". My savedsearch looks something like this:

index=ABC|mysearch| table a, b, c, d, e 
  |dboutput database=XXX type=sql "INSERT INTO xyz 
                          (v,w,x,y,z) 
                          VALUES
                          ($$a$$, $$b$$, $$c$$, $$d$$, $$e$$)"

How do I capture and verify the response(exit status) of this CLI savedsearch in the shell script? $? is 0 even if the search fails or there is no data to extract. I have to schedule another saved search based on whether the above search was successful or not. If I use stderr, I need to add some more logic to grep for ERROR and INFO. Is there a simpler way of handling the exit status? Thanks in advance for the help!!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bmacias84
Champion
‎09-18-2015 12:50 PM

I would recommend using the rest api to create a search job with wget or curl. Then you can get the job status and results with a shell script. Other option is to use one of the SDKs.

View solution in original post

Reply
Solved! Jump to solution
Solution

bmacias84
Champion
‎09-18-2015 12:50 PM

I would recommend using the rest api to create a search job with wget or curl. Then you can get the job status and results with a shell script. Other option is to use one of the SDKs.

Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎09-18-2015 01:50 PM

Agree and here is how it can be done.
http://docs.splunk.com/Documentation/Splunk/latest/RESTTUT/RESTsearches

See section Create a search job

0 Karma
Reply
Solved! Jump to solution

yelkey
Explorer
‎09-21-2015 10:09 AM

Thank you. I'll take a look at the link.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...