Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a way to run a batch of savedqueries using splunk rather than python or REST?

iTechEvent
Explorer
‎01-30-2014 10:49 PM

| savedquery Q1 -> this runs okay

| savedquery Q1 | savedquery Q2 -> not okay. splunk error.

| savedquery Q1, Q2 -> not okay, splunk error.

| savedsearch Q1 | append [savedsearch Q2 ] | append [savedsearch Q3 ] | append [savedsearch Q4] --> okay and runs, but once the first one runs, not the rest.

Is it possible run a batch of saved queries in splunk?
Is automation using python, rest the only choice?

I am trying to keep it simple if possible. Anything I can try?

Tags (2)
0 Karma
Reply

iTechEvent
Explorer
‎02-01-2014 09:47 PM

First the 2 queries need to be run one after the other since the first creates a csv files which second query reads. There needs to be serial than parallel execution.

Is there a serial search version of multisearch which runs queries at the same time?

0 Karma
Reply

jonuwz
Influencer
‎02-01-2014 02:30 PM

What are you actually trying to achieve by doing this ? Have the output of all the savedsearches on the dashboard ?

If so - try this

0 Karma
Reply

iTechEvent
Explorer
‎02-01-2014 09:48 PM

Its good if I can run the rest command from splunk itself, 2 queries one after the other, preferable checking the status for successful completion.

| rest /servicesNS/admin/search/saved/searches | search title="*threshold"

Then you can add

| map maxsearches=20 search="| savedsearch \"$title$\" | eval savedsearch=\"$title$\" "

The 2 queries have different earliest and latest values and cant be run with the same time values. It looks like that is still a constraint and the above wont work.

Any other suggestions?

0 Karma
Reply

somesoni2
Revered Legend
‎01-31-2014 11:41 AM

In case multisearch doesn't work, you can have all your saved searches running in dashboard panels and can schedule dashboard to run at a schedule.

0 Karma
Reply

mbenwell
Communicator
‎01-30-2014 11:52 PM

You could try the multisearch command

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...