Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can we force a query to launch first?

Gonzalo
Engager
‎08-04-2022 08:57 AM

Hello, I am new to splunk, I have no idea, and I am asking for your help, this is my question:
Can we force a query to launch first?

it would be launching the query: |rest /servicesXY/-/-/saved/searches timeout=0 before the rest.

I thank you very much for your time and help.

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-04-2022 09:42 AM

Please tell us more about your use case.  When is the query launching?  If this query must be first, what is expected to follow?  Why is the sequence important?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Gonzalo
Engager
‎08-04-2022 10:15 AM

When this query is launched after others, it does not end well, that is, it ends due to timeout, and I have been given the task of searching for that query to be launched first.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-04-2022 11:33 AM

I still don't understand this use case.  Splunk queries run continuously so, other than right after Splunk starts, there is no concept of a "first" query.  Searches can be scheduled in a manner that allows some to run before others, however.  Is that what you need?  If so, it's a matter of setting the schedules such that the "first" query runs at, say, 0100, and the others run some time later (allowing time for the first to complete). perhaps at 0130.

There is no other mechanism, however, to specify search "foo" must run before search "bar" or that search "bar" cannot run before search "foo".

---
If this reply helps you, Karma would be appreciated.
Reply

Gonzalo
Engager
‎08-04-2022 12:51 PM

Thank you very much for your answer, I will see it.

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...