Re: Is there an SPL search for Searches (saved or ...

SamHTexas · ‎03-28-2021

Is there an SPL search for Searches (saved or scheduled) that run in Real time? Should the all scheduled or saved searches be saved on the SH?

gjanders · ‎06-12-2021

In Alerts for Splunk Admins

SearchHeadLevel - Realtime Scheduled Searches are in use

SearchHeadLevel - Realtime Search Queries in dashboards

SearchHeadLevel - Scheduled Searches without a configured earliest and latest time

Or even:

SearchHeadLevel - Dashboard refresh intervals

Might help...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

SamHTexas · ‎06-11-2021

Howdy sir, no. Due to only 2 of us in the Security team. It is hard to take time off at this time. Are you attending?

richgalloway · ‎06-11-2021

I'm planning to attend.

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎03-28-2021

Yes, saved searches will on the SH. This search should do what you need.

| rest splunk_server=local /servicesNS/-/-/saved/searches 
| search is_scheduled=1 disabled=0 
| fields dispatch.earliest_time eai:acl.owner title eai:acl.app 
| rename dispatch.earliest_time as earliest_time, eai:acl.owner as Owner, eai:acl.app as App
| where (earliest_time=="rt")
| table App Owner title

---
If this reply helps you, Karma would be appreciated.

SamHTexas · ‎03-29-2021

Thank u. let me give it a test drive, I owe you lunch for all the help you have provided when you visit Texas. Have a safe day.

richgalloway · ‎06-11-2021

Will you be in Las Vegas for .conf21?

---
If this reply helps you, Karma would be appreciated.

Is there an SPL search for Searches (saved or scheduled) that run in Real time?

search job inspector

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!