Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Save results of saved search back into an index.

johnsasikumar
Path Finder
‎08-28-2019 09:59 PM

Can we save results of a saved search/ search back into splunk. Something similar to a view in SQL database.
Splunk query processes the raw data(Scheduled)--> saves it back to an index.

Tags (1)
0 Karma
Reply

renjith_nair
Legend
‎08-28-2019 10:36 PM

@johnsasikumar,

There are possibly two ways of doing it. Based on your use case, you could choose the better suited one

1 - Using Log events

Using the alert actions, you could send the log events to your splunk deployment for indexing

2 - Summary indexing

With summary indexing, you set up a frequently-running search that extracts the precise information you want. Each time this search is run, its results are saved into a summary index that you designate. You can then run searches and reports on this significantly smaller (and thus seemingly "faster") summary index

https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Usesummaryindexing

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...