Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

running a Saved Search from the Command Line Interface (CLI)

seanlon11
Path Finder
‎05-11-2010 03:20 PM

How do I run a Saved Search from the CLI whose name has spaces in it?

When I run a Saved Search whose name does NOT have spaces it works fine:

  • ./splunk search "| savedsearch wpsqa01_login_scconlo"

When I try to run the following Saved Search WITH spaces, I receive an error:

  • ./splunk search "| savedsearch Application Login Attempts"
  • Error in 'savedsearch' command: Unable to find saved search named 'Application'.

I have tried multiple combinations of single and double quotes, but so far I cannot get it to work.

Any suggestions on how to get my Saved Search that has spaces in its name to work from the CLI?

Thanks, Sean

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

bwooden
Splunk Employee
Splunk Employee
‎05-12-2010 02:06 AM

A double quoted search name within a single quoted search command worked for me...

$SPLUNK_HOME/bin/splunk search '|savedsearch "Splunk errors last 24 hours"'

View solution in original post

Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎02-18-2011 11:15 PM

You should open up a new topic on quoting CLI commands in Windows. But basically, because the Windows CMD shell has strange rules. You should quote the search string with double quotes ", but if you have to use double quotes within the search string to quote the name of a saved search, you probably need to quote those in turn by using double double-quotes "" in place of the single ones.

Reply
Solved! Jump to solution

jambajuice
Communicator
‎02-18-2011 11:03 PM

I am trying to run a saved search from the command-line in Windows. When I run the search with a "|" character before "savedsearch", Windows says that it doesn't recognize 'savedsearch' as an internal or external command.

How can I run a saved search from the command-line in Windows?

Reply
Solved! Jump to solution

chris
Motivator
‎06-03-2010 10:54 AM

If your saved search is in your own custom app you can run it as follows:

$SPLUNK_HOME/bin/splunk search '| savedsearch "My saved search"' -app myAppName
Reply
Solved! Jump to solution
Solution

bwooden
Splunk Employee
Splunk Employee
‎05-12-2010 02:06 AM

A double quoted search name within a single quoted search command worked for me...

$SPLUNK_HOME/bin/splunk search '|savedsearch "Splunk errors last 24 hours"'
Reply
Solved! Jump to solution

seanlon11
Path Finder
‎05-12-2010 02:07 PM

Worked like a charm. Thought I had tried that combination, but apparently I was mistaken.

Thanks.

Reply
Solved! Jump to solution

vishaltaneja070
Motivator
‎09-26-2019 06:49 AM

@bwooden Not working in Windows CLI.

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...