Splunk Enterprise version: 6.3.1
earliest_time: "-5m",
latest_time: "now",
exec_mode: "blocking",
search: "index= xxxxx------------------------- very complex."
Currently my method is like this JavaScript code:
setTimeout(function () {
    console.log("start update search...");
    serviceStatus.startSearch();
}, 10000);
for a 10 second result refresh.
Is there any better way?
Use ALERT to do it.
http://docs.splunk.com/Documentation/Splunk/6.3.0/Alert/Definescheduledalerts
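What the scheduled alert suggested in the answer could look like in savedsearches.conf, as an added example that is not part of the original thread. The stanza name, the placeholder search string and the e-mail recipient are assumptions; the time window is the one from the question.

```ini
# savedsearches.conf (added example; stanza name is hypothetical)
[service_status_check]
# Placeholder: the question's real search string is not shown on the page.
search = index=<your_index> <rest of the search>

# Same window the question dispatches with.
dispatch.earliest_time = -5m
dispatch.latest_time = now

# Let the scheduler run the search instead of a browser timer.
# cron_schedule is a five-field cron expression, so the shortest
# interval is one minute, not ten seconds.
enableSched = 1
cron_schedule = */1 * * * *

# Trigger condition: fire when the search returns at least one event.
counttype = number of events
relation = greater than
quantity = 0

# Show triggered alerts in Splunk Web and throttle repeats for 5 minutes.
alert.track = 1
alert.suppress = 1
alert.suppress.period = 5m

# Notification (recipient is a constructed placeholder).
action.email = 1
action.email.to = oncall@example.com
```

Because the scheduler runs the search server-side, the complex search executes once per interval no matter how many browsers have the page open.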