Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you schedule a report that needs to run multiple times for different time ranges?

joshiro
Communicator
‎09-30-2024 08:46 AM

We have a report that generates data with the `outputlookup` command and we are in need to schedule it multiple times but with different time ranges.
For this report, we want to run it each day but with different time ranges in sequential order.
Each run requires the previous run to finish so it can load the lookup results for the next run.

We cant just schedule a single report that updates the lookup because we need it to run on different time ranges each time it triggers.

Is there any way we can schedule a report to run in this particular way?
We thought about cloning it multiple times and schedule each one of them differently but it is not an ideal solution.

Regards.

Labels (1)
Labels
Tags (2)
0 Karma
Reply

esalesapns2
Communicator
‎11-07-2024 10:44 AM

I'm having the same requirement.  Maybe one way would be to run it from an external program using API calls to kick off the searches and wait for them to complete?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-30-2024 09:50 AM

Each scheduled report has a single set of attributes.  If multiple attributes (time range, cron schedule, etc) are needed then the report should be cloned and new attributes set on the copy.

---
If this reply helps you, Karma would be appreciated.
Reply

joshiro
Communicator
‎10-01-2024 06:59 AM

That is what we thought.
We are looking for a better solution to avoid cloning the report if it is possible.

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...