Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to Configure Sequential Searches...

lpolo
Motivator
‎03-14-2012 07:07 AM

I have 5 queries that have to be run in sequential order.
Is there a way in Splunk to schedule 5 searches like presented in the example? 

Example:
Schedule Search 1 -> Runs every 2 hours.
Search 2 -> Runs after schedule search 1 is executed.
Search 3 -> Runs after search 2 is executed.
Search 4 -> Runs after search 3 is executed.
Search 5 -> Runs after search 4 is executed.

Any ideas will be appreciated.

Thanks,
Lp

Tags (1)
Reply

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎03-17-2012 01:19 PM

The best way to solve this is through a script which has the flexibility of deciding when to dispatch the searches. You can decide whether to wait for a search to complete before dispatching the next one, or maybe dispatch a couple of them in parallel, or even modify a search based on the results of the previous search.

0 Karma
Reply

lpolo
Motivator
‎03-17-2012 04:38 AM

I have been able to solve this problem in two ways.
1) By determining the max execution time of every scheduled search and then configure the schedule search time of each search accordingly. This approach has its limitations.

2) By creating a script that assures that the set of searches are executed in the define sequential order based on the result set data flow.

It will be nice if the user could use the search scheduler to define the execution order of a set scheduled searches base on the result set data flow as presented in the example.

Thanks.
Lp

0 Karma
Reply

reed_kelly
Contributor
‎07-12-2012 07:16 AM

I agree that this would be a nice enhancement. We have created a lot of independant scheduled searches along with emails of attached CSV reports. We could convert it all to a script, but we have tried to do everything natively.

0 Karma
Reply

lpolo
Motivator
‎03-15-2012 04:38 AM

Yes. I have a sequential inter-dependency as I presented in the example.

Thanks.

0 Karma
Reply

lguinn2
Legend
‎03-14-2012 03:19 PM

Does each search have to wait until the prior search completes?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...