I am new to Splunk...
How can I get a list of realtime searches and the macro/savedSearch that runs on them?
Is there any Splunk query command or index from which I can get the required information?
| rest /servicesNS/-/-/search/jobs splunk_server=local | search eventSorting=realtime
Works for me in Splunk 6.5
| rest /servicesNS/-/-/search/jobs | search eventSorting=realtime
Works for me on Splunk 6.5
I was trying to get a list of all saved searches that would use a realtime search.
Maybe because I am using a clustered search head the results are not consistent.