Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Using variable in same search

JYTTEJ
Communicator
‎12-14-2011 01:14 AM

Hi. I am going to set up the same search - for a lot of different hosts.(20)

The result of the search is displayed on 2 different dashboards.

The search is running every 30 minutes - thus updating the dashboard every 30 minutes.

I would like to use the same search - and just reference the different hosts - instead of having 20 saved searches which are the same - only difference is the host name.

How do I accomplish this?

Tags (1)
0 Karma
Reply

Ayn
Legend
‎12-14-2011 01:30 AM

This sounds like a good situation to use a search macro. I could describe it a bit more but really I think the docs explain the concept best though: http://docs.splunk.com/Documentation/Splunk/latest/User/CreateAndUseSearchMacros

Reply

Ayn
Legend
‎12-14-2011 04:00 AM

No problem! Could you please mark my answer as accepted? Thanks!

0 Karma
Reply

JYTTEJ
Communicator
‎12-14-2011 03:08 AM

Great! thank you so much!

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...