- Splunk Answers
- :
- Using Splunk
- :
- Reporting
- :
- Re: How to Schedule a search for every 30 seconds.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to Schedule a search for every 30 seconds.
I need to schedule a saved search for every 30 seconds, but I find the Basic one minute as the minimum schedule, which is also same in crons, please suggest is any other way to schedule for seconds.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You cannot directly but you can run a CLI-based search on the search head so you can setup a cron job with 2 searches to run every second like this:
* * * * * /my30SecondScript
And then inside my30SecondScript do something like this:
exec '/opt/splunk/bin/splunk search "my search string"'
sleep 30
exec '/opt/splunk/bin/splunk search "my search string"'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To have perfect run intervals, a user can append ampersand (&) before every such sleep command.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible to make a "sleep 30" custom splunk command? Is it possible to make 2 copies of the same saved search, and then put a sleep 30 in one of them?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk has a facility to create your own splunk commands but I have never done so so I cannot speak to that. You could to the latter which is the same as my solution but removing the first line of the script code that I wrote.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where do you put the my30SecondScript?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can I use the splunk job scheduler as a "highly available cron" to run arbitrary scripts? Splunk's job scheduler picks 1 of the search heads in an SHC to run a scheduled search. Splunk's job scheduler also prevents successive long running jobs to overlap.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Exactly the plan.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AFAIK, cron does not go down to sub-minute resolutions/granularity.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @miteshvohra,
Is there any way to schedule in seconds.
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
