Re: How can I save a query data so that it does no...

webnair · ‎07-13-2014

I would like to save a query result, for example: for a particular month. I don't want splunk to load the page and fetch the data everytime the page is loaded.

I need to get the results saved so that I can see the results instantaneously.Similar to canned report.

jimodonald · ‎07-15-2014

You could schedule your search to run once a month and output to a CSV. Subsequent searches can pull the data from the monthly CSV.

richgalloway · ‎07-14-2014

Musskopf's comment is a good suggestion. You might also consider saving the query resuls in a summary index and pulling from the index to load the page.

---
If this reply helps you, Karma would be appreciated.

musskopf · ‎07-13-2014

You'll need to save your search as a report and schedule the report to run. Once it ran at least once, use the command " |loadjob "admin:search:report_name" " to get the results...

How can I save a query data so that it does not get loaded everytime

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation