How to store search result to variable in Splunk?

Bhuavana · ‎07-30-2014

Hi,

Please let me know how to store search result to variable in splunk [like the one in below mentioned code in html] .
// SEARCH MANAGERS
//

    var search1 = new SearchManager({
        "id": "search1",
        "earliest_time": "0",
        "search": "index=wuhost3 revisionlabel=\"*\" | sort -revisionlabel | head 1 | table revisionlabel",
        "latest_time": "now",
        "cancelOnUnload": true,
        "status_buckets": 0,
        "app": utils.getCurrentApp(),
        "auto_cancel": 90,
        "preview": true
    }, {tokens: true, tokenNamespace: "submitted"});

So that i can get the variable output. But my below options are not working :

var userInput = document.getElementById('search1').value;
//var userInput = document.getElementById('search1');

Please help me with correct code to fetch the output to store in a var[html code]

pasokkum · ‎08-17-2016

Try the following:

search1.startSearch();
                      var revisionlabel= search1.data('results');
                      revisionlabel.on("data", function() {   
                          var findrevisionlabel = revisionlabel.data().rows;
                          var output=findrevisionlabel [0][0];
                      });

How to store search result to variable in Splunk?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?