I am new to splunk...
How to get List of realtime searches and the macro/savedSearch that runs on it?
Is there any splunk query command or index from which i can get required information..
Hi paramagurukarthikeyan,
try this from the search bar:
| rest /services/search/jobs | search eventSorting=realtime
cheers, MuS
| rest /servicesNS/-/-/search/jobs splunk_server=local | search eventSorting=realtime
Works for me in Splunk 6.5
| rest /servicesNS/-/-/search/jobs | search eventSorting=realtime
Works for me on Splunk 6.5
Hi paramagurukarthikeyan,
try this from the search bar:
| rest /services/search/jobs | search eventSorting=realtime
cheers, MuS
Anyone know how to do this on the latest version of Splunk 6.x?
This doesn't appear to work anymore.
Hi @phoenixdigital, what exactly are you after? The REST call still works in 6.4.1
I was trying to get a list of all saved searches that would use a realtime search.
Maybe because I am using a clustered search head the results are not consistent.
Thank you Michael... This is what i was looking for 🙂