Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to Configure Sequential Searches...

lpolo
Motivator
‎03-14-2012 07:07 AM

I have 5 queries that have to be run in sequential order.
Is there a way in Splunk to schedule 5 searches like presented in the example? 

Example:
Schedule Search 1 -> Runs every 2 hours.
Search 2 -> Runs after schedule search 1 is executed.
Search 3 -> Runs after search 2 is executed.
Search 4 -> Runs after search 3 is executed.
Search 5 -> Runs after search 4 is executed.

Any ideas will be appreciated.

Thanks,
Lp

Tags (1)
Reply

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎03-17-2012 01:19 PM

The best way to solve this is through a script which has the flexibility of deciding when to dispatch the searches. You can decide whether to wait for a search to complete before dispatching the next one, or maybe dispatch a couple of them in parallel, or even modify a search based on the results of the previous search.

0 Karma
Reply

lpolo
Motivator
‎03-17-2012 04:38 AM

I have been able to solve this problem in two ways.
1) By determining the max execution time of every scheduled search and then configure the schedule search time of each search accordingly. This approach has its limitations.

2) By creating a script that assures that the set of searches are executed in the define sequential order based on the result set data flow.

It will be nice if the user could use the search scheduler to define the execution order of a set scheduled searches base on the result set data flow as presented in the example.

Thanks.
Lp

0 Karma
Reply

reed_kelly
Contributor
‎07-12-2012 07:16 AM

I agree that this would be a nice enhancement. We have created a lot of independant scheduled searches along with emails of attached CSV reports. We could convert it all to a script, but we have tried to do everything natively.

0 Karma
Reply

lpolo
Motivator
‎03-15-2012 04:38 AM

Yes. I have a sequential inter-dependency as I presented in the example.

Thanks.

0 Karma
Reply

lguinn2
Legend
‎03-14-2012 03:19 PM

Does each search have to wait until the prior search completes?

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...