Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to edit my search to display the status of my saved searches?

ramstolentino
Explorer
‎05-30-2017 06:49 PM

Hi, I am currently using the search below to get the status of my saved searches.

index=_internal sourcetype=scheduler | eval dispatch_time=strftime(dispatch_time, "%B %d %H:%M:%S") | table savedsearch_name status dispatch_time run_time result_count | sort dispatch_time

However, I want to see the following status:

  1. running;
  2. not running
  3. completed ("success" is OK)

Any suggestions? Thanks!

0 Karma
Reply

tlam_splunk
Splunk Employee
Splunk Employee
‎06-01-2017 02:14 AM

I think your search command is trying to get the status from the scheduler.log.
In scheduler.log, I don’t think it has the ‘running' status. In general, you could take status = success As 'completed' , other than success, you could take it as ‘not completed’.

0 Karma
Reply

woodcock
Esteemed Legend
‎05-31-2017 12:20 PM

Why not use the REST API?

| rest/servicesNS/-/-/saved/searches
Reply

cmerriman
Super Champion
‎05-31-2017 04:29 AM

by "not running" are you referring to saved searches that are not on a schedule? otherwise, in my opinion, if they are "not running" they would be "completed". I've never seen a "running" status, but I suppose i've never looked while i had a search running before.

Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...