Solved: Re: Running a saved search in splunk6

krish3 · ‎12-23-2013

Hi,

I am newbie to splunk still now I have configured forwarder, indexer and a splunk server.

Now i created a dashboard and saved it in indexer/Searchhead how can i search it from my splunk server in splunk6.

Thanks in advance!!

somesoni2 · ‎12-23-2013

you have to create your dashboard in the same server/splunk instance where your saved search is configured, and the use the following command to get result of the saved search.

| savedsearch yoursavedsearchname

View solution in original post

somesoni2 · ‎12-23-2013

you have to create your dashboard in the same server/splunk instance where your saved search is configured, and the use the following command to get result of the saved search.

| savedsearch yoursavedsearchname

krish3 · ‎12-24-2013

thanks for the info..

somesoni2 · ‎12-24-2013

Nope, you can't execute a saved search in another Splunk instances from the web interface - unless you write your own custom command for doing something like that. You can Add your Indexer (on which the Search Head's Saved Search is querying) as Search peer and recreate the saved search.

In savedsearch , you'll provide name of your saved search which can be find from Manager->Searches & Reports.

krish3 · ‎12-24-2013

I have created a saved search on search head is it possible to run that from master node.

And what should i give in savedsearch name is it that "unique id"(where can i find that ID)

Running a saved search in splunk6

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation