Re: Is it possible to do a search as a background ...

AkhilKrishnaA · ‎09-13-2018

Hi,
I am trying to automate a Splunk search and export the result to our database. Is it possible to do a search as a background job and webhook it to my API when it completes?

renjith_nair · ‎09-14-2018

@AkhilKrishnaA,

You could create a scheduled alert and set webhook in the alert actions

https://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/Definescheduledalerts

http://docs.splunk.com/Documentation/Splunk/7.1.2/Alert/Webhooks

Happy Splunking!

AkhilKrishnaA · ‎09-14-2018

But which condition can I check to trigger webhook. On which index can I check the status of job.

renjith_nair · ‎09-14-2018

Splunk sends the alert once the search is completed. So you could set the trigger condition based on your requirements , for e.g. "number of results" greater than 0 or number of hosts or even some custom conditions . Please see : http://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/AlertTriggerConditions#Workflow_for_tri...

Happy Splunking!

AkhilKrishnaA · ‎09-18-2018

which Index should I check? Is it possible to create an alert using Java SDK?

renjith_nair · ‎09-18-2018

@AkhilKrishnaA, you search your normal data index and then set it as a scheduled search and port the results to your database.

Please refer to these documents : https://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/Definescheduledalerts

http://docs.splunk.com/Documentation/Splunk/7.1.2/Alert/Webhooks

Java SDK : http://dev.splunk.com/view/java-sdk/SP-CAAAEKY

Happy Splunking!

Is it possible to do a search as a background job and webhook to my API when it completes?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!