...use a savedsearch to query the data because I latest() and stats every field to make sure it is the latest record in the database, it's a pretty big query. I am interested in forcing the data t...
I have a savedsearch running on a 5 minute cron schedule iteratively working through a list of previously saved search parameters. 2 Things (1) Can I have a conditional CRON schedule such that I s...
...| collect index=sec_apps_summary source="savedSearch_1d" And earliest , latest setting as -1@d and @d . There is another SEARCH-2, that invokes the 'saved search' and the SPL starts l...
Hi I'm new to Splunk and what to create a search that shows what savedsearches where used in a dashboard? This is how far I got:
| rest /servicesNS/-/-/data/ui/views splunk_server=local
| s...
Hi all, Previously we used to use the endpoint /servicesNS/nobody/my_app_name/admin/savedsearch/_reload to reload savedsearches while the search head was online. Since moving to Splunk 8, this e...
Hello,
I have a case opened for this - but it seems that this forum can be quicker at times...
I run between 100-200 savedsearches on a one minute interval on each one of my indexers. These s...
hey guys,
i'm stuck with this macro problem, where i cannot run a savedsearch with a macro inside it.
1. i have a savedsearch like this:
.... | eval param1="777" | `myMacro("$param1$")`
2. m...
Hi, I'm using: loadjob savedsearch because my query is big and it takes time to load. I have some multi-select filters and i want to add input time range filter. (| loadjob savedsearch="m...
from my saved search i'm trying to get the values of a field like below
<search>
<query>| savedsearch mysearch field3 = $value$ </query>
</search>
but its not w...
I know I can use the "rest" command as in the link below to get the list of savedsearches. https://community.splunk.com/t5/Getting-Data-In/Is-there-any-way-to-list-all-the-saved-searches-in-Splunk/m...