Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to search Data Models with Javascript in a Search Manager or through a Data Model Object?

nprab428
Engager
‎02-28-2017 06:55 AM

I've created a data model and want to search it in my external Javascript. For my first attempt, a SearchManager would not start the search using the data model query:

    var datamodelSearch = new SearchManager({
        id: "datamodelSearch",
        search: '| datamodel test_commits commits search | where Commit = $commithash$ | head 5 ',
            earliest_time: '-30d'
            latest_time: 'now'
            preview: false,
        cache: true
    }, { tokens: true });

    datamodelSearch.on('search:start', function() {
        console.log('DM STARTED!!!'); // would never get here
    });

On a second attempt, I was trying to use the DataModelObject class, following this documentation:

http://dev.splunk.com/view/javascript-sdk/SP-CAAAEY8#workwithobjects 

 var service = mvc.createService({ owner: "nobody" });
    service.dataModels().fetch(function(err, dataModels) { 
        var object = dataModels.item("test_commits").objectByName("commits");
        object.startSearch({}, "| head 5", function(err, job) {
            console.log("The job has name:", job.name);
            job.results({count: 5}, function(err, results, job) {
                 console.log("Fields: ", results.results); // results would be null
            });             
        });
    });

This second search created a search job with a search id, but I was not able to pull the results from the job. However, if I looked up the search id in the job inspector, I would correctly see 5 results.

Could anyone help me out?

Reply
1 Solution
Solved! Jump to solution
Solution

nprab428
Engager
‎03-06-2017 08:02 AM

Turns out my searchmanager syntax was wrong (forgot commas around the time range, and quotes around the commit hash).

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

nprab428
Engager
‎03-06-2017 08:02 AM

Turns out my searchmanager syntax was wrong (forgot commas around the time range, and quotes around the commit hash).

0 Karma
Reply
Solved! Jump to solution

DalJeanis
SplunkTrust
SplunkTrust
‎03-06-2017 12:19 PM

If you have solved the issue, please convert your comment to an answer and accept the answer. It might also help others if you posted what you found to be the correct syntax.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...