- Splunk Answers
- :
- Using Splunk
- :
- Reporting
- :
- Schedule a report to run each day so that query is...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've created a lot of reports and a number of dashboards, some of which are pretty complex. We don't have splunk setup on the best machine, so some of these queries take a while to run and dashboards can break or take forever to view while all of the reports are generated, sometimes they timeout.
All reports are based on daily data that is pulled in each night around midnight. Is there a way to schedule each report to run early in the morning, say 6am, each day so that every time someone views a dashboard with that report that day, it doesn't have to re-run each time and take forever to load, as its been "pre-run/scheduled"? I don't need it to be emailed to me or anything.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes - simply edit each search and check the box for "schedule this search". Under scheduled search, you can choose schedule type "cron". In the cron schedule box put
0 6 * * *
Save your changes. (Don't choose any of the alerts or notifications.) The search will run automatically every morning at 6:00 am.
The dashboard will automatically pick up the cached results. BTW if someone runs the search manually during the day, the dashboard will then pick up the latest results.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes - simply edit each search and check the box for "schedule this search". Under scheduled search, you can choose schedule type "cron". In the cron schedule box put
0 6 * * *
Save your changes. (Don't choose any of the alerts or notifications.) The search will run automatically every morning at 6:00 am.
The dashboard will automatically pick up the cached results. BTW if someone runs the search manually during the day, the dashboard will then pick up the latest results.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hey, i found it out now,
you have to have the specific search saved before and then after "edit search" you have to click "Select a saved search" then u are where lguinn says (i think so 😉
that's how mine worked out,
thx
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In 4.3.3, you can click Edit on the dashboard to put the dashboard in edit mode, then click Edit on the dashboard panel and then Edit Search and Edit in Manager to get to the point that I mentioned above.
However, in all versions of Splunk, you can go to the Manager, choose Searches and Reports and then click the name of the search that you want to edit.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
when i see my view/dashboard, do i need to click vie result for every search and then create a scheduled search of this search?
beacuase I cannot find the checkbox u are talking about (i have 4.3.3)
thx for answer
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
