i crafted these searches how can i add specific fi...

ustng1 · ‎09-01-2023

Deferred Searches:

| rest /servicesNS/-/-/search/jobs splunk_server=local

| search dispatchState="DEFERRED" isSavedSearch=1

| search title IN ("*outputcsv*","*outputlookup*","*collect*")

| table label dispatchState reason published updated title

Skipped Search:

index=_internal sourcetype=scheduler status=skipped

[| rest /servicesNS/-/-/saved/searches splunk_server=local

| search search IN ("*outputcsv *" ,"*outputlookup *" )

| table title

| rename title as savedsearch_name]

| stats count by app search_type reason savedsearch_name

| sort - count

Searches ran with error:

| rest /servicesNS/-/-/search/jobs splunk_server=local

| search isSavedSearch=1 isFailed=1

| search title IN ("*outputcsv*","*outputlookup*","*collect*")

| table label dispatchState reason published updated messages.fatal title

Saved Search with collect command generated 0 events:

index=_internal sourcetype=scheduler result_count=0

[| rest /servicesNS/-/-/saved/searches splunk_server=local

| search search="*collect*"

| table title

| rename title as savedsearch_name]

| table _time user app savedsearch_name status scheduled_time run_time result_count

| convert ctime(scheduled_time)

richgalloway · ‎09-01-2023

Each of those searches already has at least one specific filter so you know how to do that. Please explain exactly what you want from us.

---
If this reply helps you, Karma would be appreciated.

i crafted these searches how can i add specific filters