Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Limitation to search query ?

rakesh_498115
Motivator
‎09-05-2012 11:05 AM

Hi,

I have written a search query and saved it as a Saved Search.Now can i restrict this SavedSearch to be executed only once perday..i.e When i click on the savedsearch it should run and fetch the desired results for me only once per day and so that if i try to excute the same saved search again , it should throw error sayin "Search OPeration not allowed " like this..

Is this possible in splunk ?? or can we have any idea of this sort applicable to splunk ?? if so can you please provide me a solution...

thanx.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-05-2012 11:30 AM

You can schedule a search to run once a day. You can set permissions on the search so that only a limited set of people have access to it (even read access will allow a person to run the search).

You can also find the search in savedsearches.conf and add this to the stanza:

is_visible = false

Now the search will not show up in any menu, even for roles that have read permission. However, the search will still be visible in the Manager -> Searches and Reports for those that have read permissions.

AFAIK, this is the best that you can do to prevent the search from being run. There is no setting that prevents the search from being run more than once a day.

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-05-2012 11:30 AM

You can schedule a search to run once a day. You can set permissions on the search so that only a limited set of people have access to it (even read access will allow a person to run the search).

You can also find the search in savedsearches.conf and add this to the stanza:

is_visible = false

Now the search will not show up in any menu, even for roles that have read permission. However, the search will still be visible in the Manager -> Searches and Reports for those that have read permissions.

AFAIK, this is the best that you can do to prevent the search from being run. There is no setting that prevents the search from being run more than once a day.

Reply
Solved! Jump to solution

rakesh_498115
Motivator
‎09-05-2012 12:36 PM

thnx for the info..:)

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...