×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
takuyaikeda
Explorer
Member since: ‎11-11-2019
‎02-04-2025
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎11-11-2019
Activity Feed
View All

Re: How to get scheduled searches and its results

by in Alerting
‎02-03-2025 11:13 PM
‎02-03-2025 11:13 PM
Thank you for providing valuable information. While we were able to gather information related to the schedule search execution results using the query you provided, we were unable to obtain the logs detected by the search execution. However, using the query you provided as a reference, we were able to achieve our desired outcome via the server's CLI, so I would like to report that the issue has been resolved. The commands we are executing on the server are as follows: curl -sS -k -u '<ID:PW>' https://localhost:8089/services/search/jobs/export -d search='search index=_audit "user=splunk-system-user" "info=completed" NOT "result_count=0" NOT "savedsearch_name=\"\"" earliest=-2h | stats count by timestamp savedsearch_name search_id' -d output_mode=csv | while read line ; do echo "${line}" | cut -d ',' -f 1 ; echo "${line}" | cut -d ',' -f 2 ; sid=`echo ${line} | cut -d ',' -f 3 | sed "s/'//g"` ; curl -sS -k -u '<ID:PW>' https://localhost:8089/services/search/jobs/export -d search="|loadjob ${sid}" | grep "<field k='_raw'>" | sed -e 's/<\/*field[^>]*>//g' -e 's/<\/*v[^>]*>//g' ; done (I understand that this is not the optimal solution, but at least I was able to obtain the necessary information with this one-liner.) Giuseppe, grazie mille ... View more

How to get scheduled searches and its results

by in Alerting
‎02-01-2025 11:34 PM
‎02-01-2025 11:34 PM
We operate by using scheduled searches to periodically search through logs collected by Splunk, and trigger actions when log entries matching certain conditions are found. You can create a list of actions triggered recently (for example, within the past week) by searching for alert_fired="alert_fired" in the _audit index. At this time, is it possible to join the log entries that matched in each search execution to the list? (I want to know the result of "| loadjob <sid>" for each search.) The expected output is a table with the search execution time (_time), the search name (ss_name), and the log entries. ... View more
Labels

インデックスのデータを時間経過で自動削除したい

by in Deployment Architecture
‎11-27-2019 11:26 PM
1 Karma
‎11-27-2019 11:26 PM
1 Karma
現在インデックス内のデータ量が増え続ける為、自動で1年経過したデータを削除させたいです。 どのように設定すれば、1年経過したデータを自動で削除させることが出来ますか? -English- Since the amount of data in the index continues to increase, I want to automatically delete data that has passed one year. How can I automatically delete data that has passed one year? ... View more

Splunk App for AWS - Closed network

by in All Apps and Add-ons
‎11-11-2019 11:15 PM
‎11-11-2019 11:15 PM
I want to use "Splunk App for AWS" in a closed network. When using a VPC, etc., isn't Addon data flowing to the open internet? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-04-2025 02:35 AM
Karma from
View All
Karma given to
View All
Top