Is there a difference between guided and manual mo...

frizzoS3 · ‎09-28-2017

Guided and Manual Mode?

Real Time and Continuous?

Is one more efficient then the other?

Thank you.

Frank

lfedak_splunk · ‎09-28-2017

Hey @frizzoS3, this can be read in docs:
Correlation searches can run with a real-time or continuous schedule.
• Use a real-time schedule to prioritize current data and performance. Searches with a real-time schedule are skipped if the search cannot be run at the scheduled time. Searches with a real-time schedule do not backfill gaps in data that occur if the search is skipped.
• Use a continuous schedule to prioritize data completion, as searches with a continuous schedule are never skipped.
As for guided vs. manual mode -- I think this is the difference, "Select a mode of Guided to create a search without having to write the search syntax yourself, or select Manual to write your own search."

frizzoS3 · ‎09-28-2017

Hi

I am trying to change the Scheduling on a correlation search to Continuous from Real Time, and I am getting a field " Fields to Group by" in order to save the search.

I have entered a couple of different field names, but to no avail as I keep getting the following message...."There was an error saving the correlation search."

Any suggestions?

Thank you

Frank

Is there a difference between guided and manual mode? Is there a difference between real-time and continuous?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life