Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Limitation to search query ?

rakesh_498115
Motivator
‎09-05-2012 11:05 AM

Hi,

I have written a search query and saved it as a Saved Search.Now can i restrict this SavedSearch to be executed only once perday..i.e When i click on the savedsearch it should run and fetch the desired results for me only once per day and so that if i try to excute the same saved search again , it should throw error sayin "Search OPeration not allowed " like this..

Is this possible in splunk ?? or can we have any idea of this sort applicable to splunk ?? if so can you please provide me a solution...

thanx.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-05-2012 11:30 AM

You can schedule a search to run once a day. You can set permissions on the search so that only a limited set of people have access to it (even read access will allow a person to run the search).

You can also find the search in savedsearches.conf and add this to the stanza:

is_visible = false

Now the search will not show up in any menu, even for roles that have read permission. However, the search will still be visible in the Manager -> Searches and Reports for those that have read permissions.

AFAIK, this is the best that you can do to prevent the search from being run. There is no setting that prevents the search from being run more than once a day.

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-05-2012 11:30 AM

You can schedule a search to run once a day. You can set permissions on the search so that only a limited set of people have access to it (even read access will allow a person to run the search).

You can also find the search in savedsearches.conf and add this to the stanza:

is_visible = false

Now the search will not show up in any menu, even for roles that have read permission. However, the search will still be visible in the Manager -> Searches and Reports for those that have read permissions.

AFAIK, this is the best that you can do to prevent the search from being run. There is no setting that prevents the search from being run more than once a day.

Reply
Solved! Jump to solution

rakesh_498115
Motivator
‎09-05-2012 12:36 PM

thnx for the info..:)

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...