Solved: How to reschedule a saved search to run at a futur...

kamal_jagga · ‎11-10-2015

Hi,

I have a saved search scheduled which runs every morning, but sometimes the data is not available. So...
1. I want to first search/detect whether latest data is there or not.
2. If not, schedule the search for 12 hours later.
3. If Yes, then run the search.

Basically, I want to reschedule the search by 12 hours, if the required data for that search has not been ingested in Splunk.

Kindly advise.

kamal_jagga · ‎11-10-2015

i thought of a solution.
1. Run alert for data found.
2. If Yes,Run the shell script in alert . using shell script.
Run the saved search using curl command.
3. If No, Go to step 1

View solution in original post

kamal_jagga · ‎11-10-2015

i thought of a solution.
1. Run alert for data found.
2. If Yes,Run the shell script in alert . using shell script.
Run the saved search using curl command.
3. If No, Go to step 1

How to reschedule a saved search to run at a future time if the latest data is not present?

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation

How to reschedule a saved search to run at a future time if the latest data is not present?

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+