Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Run a Scheduled Report on Demand

shocko
Contributor
‎01-31-2017 04:50 AM

Guys, I have a scheduled report that is e-mail to about 10 people once weekly. Often though I'd like to trigger it on an ad-hoc basis so it gets sent again. Currently, I simply export the results to a PDF and e-mail it but this is a pain 🙂 How can I do send the report from Splunk by triggering it?

Tags (1)
Reply

codebuilder
SplunkTrust
SplunkTrust
‎02-14-2020 03:24 PM

You can manually schedule a saved search via the command line.

This is the syntax that I currently use:

curl -k -u admin:password https://xx.xxx.xxx.xx:8089/servicesNS/admin/your_app_name_here/saved/searches/saved_search_name_here... -d schedule_time=2020-02-14T011:42:CST.

Worth noting:
The period after CST is required, it's not punctuation in this case.
The "reschedule" does not actually alter or impact the original configured schedule.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply

codebuilder
SplunkTrust
SplunkTrust
‎02-14-2020 03:29 PM

Also, below is the syntax to use if your saved search is not within the context of an app.

curl -k -u admin:password https://xx.xxx.xxx.xx:8089/servicesNS/admin/saved/searches/saved_search_name_here/reschedule -d schedule_time=2020-02-14T011:42:CST.

----
An upvote would be appreciated and Accept Solution if it helps!
Reply

codebuilder
SplunkTrust
SplunkTrust
‎03-05-2020 12:04 AM

If you found this advice helpfu, please accept the answer as it benefits the entire community, which is the goal.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply

radam2000
Path Finder
‎04-06-2018 10:25 AM

yes so how do I do that...I don't see any cron options in the drop down for edit schedule

0 Karma
Reply

somesoni2
SplunkTrust
SplunkTrust
‎01-31-2017 06:52 AM

You can change the cron schedule, temporarily, to something in next 5-10 mins, wait for the alert to run successfully and revert back. Other option would be to add a sendemail command, with options matching your alert email setting (To,Cc,Subject, attachment etc) and run the search manually. I prefer the first one as it doesn't require additional testing.

0 Karma
Reply

spunk311z
Path Finder
‎01-01-2020 08:26 PM

thanks for your answer, so am i correct to assume that there is no way to do this in splunk directly? (ie there is no place or way to click run scheduled report now?)
tks

0 Karma
Reply

patterc
Path Finder
‎02-14-2020 11:25 AM

i have the same question. it would be really nice to be able to click a button and have a report run from the Reports tab within an app. sometimes the scheduled search returns partial results or doesn't work at all (especially if there was an issue getting data indexed) and then the dashboard that uses a report is wrong. just being able to run the reports ad-hoc instead of rewriting the cron schedule would be much nicer.

Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...