cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
splunknoob2
Observer
Member since: ‎06-28-2022
‎06-30-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-28-2022
View All

Re: Save search results to index

by in Splunk Search
‎06-30-2022 03:50 AM
‎06-30-2022 03:50 AM
Thank for your answer. However I cannot clone the job because there are several search heads in the environment and if I do it the job will only appear on the SH I am into (which usually isnt the "captain"). Is there a command to do it in the search bar something like "|logactions" that would take a expression like "action.logevent.param.event = _time=$result._time$" as a parameter? I tried collect however it does not work exactly as the log event action. ... View more

Is there a command that I can add to the search qu...

by in Splunk Search
‎06-28-2022 06:49 AM
‎06-28-2022 06:49 AM
Hello, I have a question regarding the indexing of search results. So, I have an alert that's currently active performing and search and passing the results to a particular event through log events, I would like to modify this job to run in a specific past time window, however I can't edit the job so I would like to be able to run the same search through the splunk search bar and pass the results to the index. I can run the search and get the results through the search but can't output it to the index. Is there a command that I can add to the search query in order to pass the results to the index? Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-30-2022 05:03 AM