Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Save results of saved search back into an index.

johnsasikumar
Path Finder
‎08-28-2019 09:59 PM

Can we save results of a saved search/ search back into splunk. Something similar to a view in SQL database.
Splunk query processes the raw data(Scheduled)--> saves it back to an index.

Tags (1)
0 Karma
Reply

renjith_nair
Legend
‎08-28-2019 10:36 PM

@johnsasikumar,

There are possibly two ways of doing it. Based on your use case, you could choose the better suited one

1 - Using Log events

Using the alert actions, you could send the log events to your splunk deployment for indexing

2 - Summary indexing

With summary indexing, you set up a frequently-running search that extracts the precise information you want. Each time this search is run, its results are saved into a summary index that you designate. You can then run searches and reports on this significantly smaller (and thus seemingly "faster") summary index

https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Usesummaryindexing

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...