Solved: Re: How can I list all the scheduled searches?

danielbb · ‎02-25-2020

We have some spikes for concurrent search jobs? therefore, how can I list all the scheduled searches for a given moment?

koshyk · ‎02-26-2020

Do you have "MOnitoring Console" configured? This one should show which search takes time in past xx minutes etc.

But if you want as a SPL query, please try

index=_audit sourcetype=audittrail savedsearch_name=* info="completed"
| timechart avg(total_run_time) by savedsearch_name

Please note, there will be 100's of saved-searches, so better if you put some kind of filter or list , so you can pinpoint which one runs slower etc. You can adjust the "Time range" to find which one was running at a given time slot. (You can change info=completed too to find all the stages)

View solution in original post

koshyk · ‎02-26-2020

Do you have "MOnitoring Console" configured? This one should show which search takes time in past xx minutes etc.

But if you want as a SPL query, please try

index=_audit sourcetype=audittrail savedsearch_name=* info="completed"
| timechart avg(total_run_time) by savedsearch_name

Please note, there will be 100's of saved-searches, so better if you put some kind of filter or list , so you can pinpoint which one runs slower etc. You can adjust the "Time range" to find which one was running at a given time slot. (You can change info=completed too to find all the stages)

How can I list all the scheduled searches?

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?