Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to Configure Sequential Searches...

lpolo
Motivator
‎03-14-2012 07:07 AM

I have 5 queries that have to be run in sequential order.
Is there a way in Splunk to schedule 5 searches like presented in the example? 

Example:
Schedule Search 1 -> Runs every 2 hours.
Search 2 -> Runs after schedule search 1 is executed.
Search 3 -> Runs after search 2 is executed.
Search 4 -> Runs after search 3 is executed.
Search 5 -> Runs after search 4 is executed.

Any ideas will be appreciated.

Thanks,
Lp

Tags (1)
Reply

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎03-17-2012 01:19 PM

The best way to solve this is through a script which has the flexibility of deciding when to dispatch the searches. You can decide whether to wait for a search to complete before dispatching the next one, or maybe dispatch a couple of them in parallel, or even modify a search based on the results of the previous search.

0 Karma
Reply

lpolo
Motivator
‎03-17-2012 04:38 AM

I have been able to solve this problem in two ways.
1) By determining the max execution time of every scheduled search and then configure the schedule search time of each search accordingly. This approach has its limitations.

2) By creating a script that assures that the set of searches are executed in the define sequential order based on the result set data flow.

It will be nice if the user could use the search scheduler to define the execution order of a set scheduled searches base on the result set data flow as presented in the example.

Thanks.
Lp

0 Karma
Reply

reed_kelly
Contributor
‎07-12-2012 07:16 AM

I agree that this would be a nice enhancement. We have created a lot of independant scheduled searches along with emails of attached CSV reports. We could convert it all to a script, but we have tried to do everything natively.

0 Karma
Reply

lpolo
Motivator
‎03-15-2012 04:38 AM

Yes. I have a sequential inter-dependency as I presented in the example.

Thanks.

0 Karma
Reply

lguinn2
Legend
‎03-14-2012 03:19 PM

Does each search have to wait until the prior search completes?

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...