Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Running mulitple reports with a certain time gap

Chandras11
Communicator
‎08-24-2018 12:43 AM

Hi everyone,

I have 3 reports dependent on the outcome of each other
The 1st report generates a FirstReportOutputcsv, which is the input for the Second report
The 2nd report generates a SecondReportOutputcsv, which is the input for the Third report.
The 2nd report generates a ThirdReportOutputcsv, which is the final output.

As of now, I have scheduled these reports at a certain time every day.

Is it possible to run all 3 reports from the search head with a time gap of 5 minutes?

Thanks a lot in advance.

0 Karma
Reply

nadlurinadluri
Communicator
‎08-24-2018 01:56 PM

You can do that!! But you need to be mindful of the duration the earlier searches takes. There will be always an issue if the first search takes more than 5 minutes (due to some issues) and that hinders the second searches output. Having a safe gap b/w the searches will help you in this case

Reply

Chandras11
Communicator
‎08-26-2018 12:45 PM

Ok, That's a good point. However, do you know, how can we run multiple reports /Queries from the search head with a certain time gap duration. Is there any example available.

0 Karma
Reply

nadlurinadluri
Communicator
‎08-27-2018 02:22 PM

I am not exactly sure about your ask!!
If you are asking how to schedule the reports:
You can schedule each report with a cron scheduler, and give a timegap of 5/10 minutes
report 1 ... 5,20,35,50 * * * *
report 2 .... 10,25,40,55 * * * *
report 3 .... 15,30,45,00 * * * *

Please adjust the cron scheduler according to your needs.

http://docs.splunk.com/Documentation/Splunk/latest/Report/Schedulereports#Schedule_reports_in_Settin...

0 Karma
Reply

Chandras11
Communicator
‎08-28-2018 06:53 AM

I already scheduled them in reporting with cron schedule 20 */3 * * 1-5 , 25 */3 * * 1-5 and 30 */3 * * 1-5.

What I need to know is that if we can run multiple reports from a single Search head (As a single query) with a defined time gap in between.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...