Splunk Search

Load Saved Results via CLI

clincg
Path Finder

Does anyone know how to load saved results from a previous search via a CLI command? The documentation suggests that we can run a saved search via a CLI command, but there is no mention of loading saved results from a previous search via the CLI.

The reason I asked is that we often run searches over a large set of data that take a long time to run (over a few hours). After the search, we would like to save the search result and export the large result set via CLI commands later. Currently the UI limits the export to 10,000 rows.

Thanks!

1 Solution

ftk
Motivator

Take a look at the loadjob command. You can load the results set of a previously executed job if you know either the job's ID or the name of the saved search run. This should work just fine from the CLI.
