Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to retrieve results from search manager ONLY when search is done?

pgoldweic
Communicator
‎11-06-2020 03:30 PM

I can retrieve results from my search manager by using this type of code:

     var mydata = mySearchManager.data("results")

     mydata.on("data", function() {
         if (mydata.hasData()) {
             let numRows =mydata.data().rows.length;
             .... (do something with the data)
         }
     });

However, the event handler above runs more than once (twice in my particular search, even though there's only one row of results). How do I prevent it from running twice? (or, alternatively, how do I retrieve the results of a search manager ONLY when it is completely done? Since I use this handler to start a difference search -when this one is done-, I want to make sure the handler doesn't run more than once -or otherwise the second search will be started more than once too-. 

Labels (1)
Labels
Tags (2)
0 Karma
Reply

pgoldweic
Communicator
‎11-09-2020 08:16 AM

I've actually seen this (and used this event before for other purposes) but on visual inspection, I could not find the actual results in the 'properties' object. I see resultCount, and various related items, but could not see actual results. If you see them yourself @renjith_nair , could you tell me where exactly to find them within properties.content? thanks

0 Karma
Reply

renjith_nair
Legend
‎11-10-2020 07:38 PM

I have used the properties to initiate another search along this way

srchCheck.on('search:done',function(properties) {
   var resultCount=properties.content.resultCount;
   if resultsCount < 1 {
     //run another search
   }
})

Actual results, I usually attach to the visualization directly with

"managerid": "srchId"
Happy Splunking!
0 Karma
Reply

pgoldweic
Communicator
‎11-11-2020 09:12 AM

Thanks @renjith_nair for replying back. I am already doing what you are suggesting in your reply (using the search:done event to compare number of results and start another search). The only thing I've been missing here is the direct access to the set of results, and not just the resultCount, for example. Could you clarify what you mean when you say: 
 --------------------------------------------------------

Actual results, I usually attach to the visualization directly with

"managerid": "srchId"

------------------------------------------------------------

I'm afraid I'm not following what you're trying to say here. Please be explicit (with a line of code) in how you'd gain access to the actual result set. Thanks!

Tags (2)
0 Karma
Reply

renjith_nair
Legend
‎11-12-2020 05:06 AM

Here is how i used it

main search

      var srMain = new SearchManager({
            "id": "srMain",
            "cancelOnUnload": true,
            "latest_time": "now",
            "earliest_time": "-15m",
            "search":  "|`myMacro(\"$mainSearch$\")`",
            "status_buckets": 0,
            "app": utils.getCurrentApp(),
            "auto_cancel": 90,
            "preview": true,
            "runWhenTimeIsUndefined": false
        }, {tokens: true})

table which populates  the result

        var tblDetails = new TableElement({
            "id": "tblDetails",
            "count": 10,
            "dataOverlayMode": "none",
            "drilldown": "row",
            "refresh.link.visible": false,
            "refresh.time.visible": false,
            "link.visible": false,
            "rowNumbers": "undefined",
            "wrap": "undefined",
            "fields": "Project,Host,Type,Resource,\"First Name\",\"Last Name\",Email,Comments,\" \"",
            "managerid": "srMain",
            "el": $('#tblDetails')
        }, {tokens: true, tokenNamespace: "submitted"}).render();

Conditions are added as mentioned earlier to run different searches

Happy Splunking!
0 Karma
Reply

pgoldweic
Communicator
‎11-12-2020 07:23 AM

Thanks @renjith_nair once again for replying. However, this reply makes it clear to me that you misunderstood what my question was about. Specifically, I am already displaying results of searches in views (chart views, tables, etc.), so my question was *not* about how to display results in those components. My question is specifically about how to obtain the set of results programmatically  when the search is done, without using the canonical example shown in my post. Therefore, an alternate answer for my question -since my post already shows the canonical approach for this- would come in the form of a method call to apply to a search or view object, etc. to obtain these results. I also understand that I could probably make a REST call to obtain these results from within the 'search:done' handler, but I was curious to see if there was a way that would avoid *both* the canonical approach and also the REST call.  

 

0 Karma
Reply

renjith_nair
Legend
‎11-06-2020 05:50 PM

Have you tried the search:done event ? 

 mysearch.on('search:done', function(properties) {
            // Print the search job properties
            console.log("DONE!\nSearch job properties:", properties.content);
        });

 

Reference : https://dev.splunk.com/enterprise/docs/developapps/visualizedata/addsearches/searchprogressevents/

Happy Splunking!
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...