Reporting

schedule a search and output to store on output lookup.

Explorer

is it possible to schedule a search for every 2 hours and output of the result is to save on output lookup. This output look up must be updated for every 2 hours, where the search runs.

0 Karma

SplunkTrust
SplunkTrust

Are you saying

| outputlookup append=true

In a report?
The outputlookup command is documented here and you can of course run it regularly to append to your kvstore/csv.