Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to call a savedsearch with optional arguments

meister245
New Member
‎04-02-2020 02:29 AM

Hello everyone,

I'm very new to splunk and I find it very different than what I have worked so far. I am writing saved searches, where I am passing arguments to the search. I'm looking for a solution how would I be able to pass arguments to a search, that default to a value if the parameter was not given.
Something like this:

[My Search]
search = | savedsearch "Sample Search" \
             argument1=$argument1$ \
             argument2=$argument2$ \
             argument3=if(isnull($argument3$), default_value, $argument3$)

Any advice?

Thanks,

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎04-02-2020 05:53 AM

You could define multiple macros that call your savedsearch. Each macro would have a the same name, but a different number of arguments and would call the savedsearch with the appropriate default value.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

meister245
New Member
‎04-02-2020 02:33 AM

As added comment, I only want to have 1 search defined, that is multi purpose based on the number of arguments it receives. (minimal code redundancy)

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...