Schedule a search and output to store on output lookup.


Is it possible to schedule a search for every 2 hours and save the output of the result to an output lookup? This output lookup must be updated every 2 hours, where the search runs.



Are you saying

| outputlookup append=true

In a report?
The outputlookup command is documented here and you can of course run it regularly to append to your kvstore/csv.
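
An added example, not part of the original answer or of Splunk's documentation: two `savedsearches.conf` stanzas that run a search every 2 hours and write the result to a lookup, one overwriting the file and one appending to it. The stanza names, index, field names and lookup file names are assumptions chosen for illustration.

```ini
# savedsearches.conf (in the app's local/ directory)
# Constructed example: index, fields and lookup names are hypothetical.

# Variant 1: the lookup is rebuilt on every run.
# Without append=true, outputlookup replaces the lookup's contents,
# so the file always reflects only the latest 2-hour window.
[failed_logins_to_lookup_overwrite]
enableSched = 1
# minute 0 of every second hour
cron_schedule = 0 */2 * * *
# search the previous two full hours, snapped to the hour
dispatch.earliest_time = -2h@h
dispatch.latest_time = @h
search = index=auth action=failure | stats count by user, src | outputlookup failed_logins.csv

# Variant 2: each run adds its rows to what is already in the lookup.
# append=true keeps existing rows, so the file grows with every run;
# a _time column is added so rows from different runs can be told apart.
[failed_logins_to_lookup_append]
enableSched = 1
cron_schedule = 0 */2 * * *
dispatch.earliest_time = -2h@h
dispatch.latest_time = @h
search = index=auth action=failure | stats count by user, src | eval _time=now() | outputlookup append=true failed_logins_history.csv
```

The same schedule can be set in Splunk Web by saving the search as a report and editing its schedule with the cron expression above. With the append variant, plan a separate cleanup of old rows, since nothing in the stanza limits the lookup's size.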
