Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Retrieve the name of the current search

Scott_Kudelski
Explorer
‎03-09-2021 11:00 AM

I would like to be able to retrieve the name of the current search to pass to a macro in the search.

Saved Search name in app "Access - Cleartext Password At Rest"

| from datamodel:"Compute_Inventory"."Cleartext_Passwords"
| `get_info($SEARCH_NAME$)`
| stats max(_time) as "lastTime",latest(_raw) as "orig_raw",values(tag) as "tag",count by "dest","user","password"

Macro "get_info"
Argument: searchname
lookup searchparms $searchname$

So in this example when the scheduled search "Access - Cleartext Password At Rest" is run, it would lookup information from "searchparms" for "Access - Cleartext Password At Rest"

Labels (2)
Labels
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎03-09-2021 01:32 PM

This link has a discussion around the problem. 

https://community.splunk.com/t5/Reporting/Any-way-to-get-the-name-of-the-scheduled-search-you-are-in...

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-09-2021 01:14 PM

Try $job.label$

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Scott_Kudelski
Explorer
‎03-15-2021 12:05 PM

@richgalloway I was unable to get any results for $job.label$

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...