Solved: View saved search SPL without running the search

Tedesco1 · ‎05-14-2019

Hi all,

I have a few saved searches running on a schedule that I'm using to populate a summary index. My problem is that, in order to edit or view the SPL, I have to click "open in search"... which automatically executes the search at that time.

Then when I want to save them I have to run them again, otherwise the "save" button is disabled.

These searches contain the collect command, so I generally don't want to run them except for when I've scheduled them to run. Is there any way (other than the command line) to edit these saved searches in a way that doesn't force me to actually run the search?

vikramyadav · ‎05-14-2019

Yes, it is possible to view or edit your SPL query without running it.
Steps
1. Login into your server (Normally localhost:8000)
2. Go in "Setting".
3. And click on "Searches, reports, and alerts"
And Choose your SPL query name which you want to edit or view.

View solution in original post

vikramyadav · ‎05-14-2019

Yes, it is possible to view or edit your SPL query without running it.
Steps
1. Login into your server (Normally localhost:8000)
2. Go in "Setting".
3. And click on "Searches, reports, and alerts"
And Choose your SPL query name which you want to edit or view.

View solution in original post

Tedesco1 · ‎05-14-2019

Thank you very much! I had no idea that was there.

vikramyadav · ‎05-15-2019

No Problem, I am happy that you got your answer.

View saved search SPL without running the search

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>