Is it possible to do a search as a background job ...

AkhilKrishnaA · ‎09-13-2018

Hi,
I am trying to automate a Splunk search and export the result to our database. Is it possible to do a search as a background job and webhook it to my API when it completes?

renjith_nair · ‎09-14-2018

@AkhilKrishnaA,

You could create a scheduled alert and set webhook in the alert actions

https://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/Definescheduledalerts

http://docs.splunk.com/Documentation/Splunk/7.1.2/Alert/Webhooks

Happy Splunking!

AkhilKrishnaA · ‎09-14-2018

But which condition can I check to trigger webhook. On which index can I check the status of job.

renjith_nair · ‎09-14-2018

Splunk sends the alert once the search is completed. So you could set the trigger condition based on your requirements , for e.g. "number of results" greater than 0 or number of hosts or even some custom conditions . Please see : http://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/AlertTriggerConditions#Workflow_for_tri...

Happy Splunking!

AkhilKrishnaA · ‎09-18-2018

which Index should I check? Is it possible to create an alert using Java SDK?

renjith_nair · ‎09-18-2018

@AkhilKrishnaA, you search your normal data index and then set it as a scheduled search and port the results to your database.

Please refer to these documents : https://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/Definescheduledalerts

http://docs.splunk.com/Documentation/Splunk/7.1.2/Alert/Webhooks

Java SDK : http://dev.splunk.com/view/java-sdk/SP-CAAAEKY

Happy Splunking!

Is it possible to do a search as a background job and webhook to my API when it completes?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms