Is there a Splunk search command that returns information found in "Manager » Searches and reports" view?
For example, I need to know all the search names and search scheduled time configured in a particular indexer using a search command.
Thanks,
Lp
You can download a 90 day trial of Sideview Utils 2.0, because it packages a splunkentity command that will do what you want:
| splunkentity /saved/searches app="some_app"
Granted, knowing what the entity path is for a particular kind of Manager object can be a little tricky, but you can often figure it out and when in doubt you can ask me.
Go here, then on the right you'll see 'download trial'.
http://sideviewapps.com/apps/sideview-utils/
Especially if you've ever created or edited a view in the Advanced XML, there are many powerful reasons to check out Sideview Utils 2.0. To be honest although the splunkentity command is quite useful it falls so far down on that list that I have yet to write up a docs page for it.
Look at the details from this search. I'm not sure I see a scheduled time but it gives you a lot of details for your searches.
| rest /services/saved/searches
After you see the fields you want just simplify the table with specific columns.
| rest /services/saved/searches | table title search
Could you ask your colleagues in Splunk Tech Support or Dev?
Thanks,
Lp
Not that I can find.
It improved. I can see all scheduled searches that ran or are running.
Is there a way to get what is found in the "Manager » Searches and reports" view?
This shows what has run and shows searches outside of just the search app. Might be a way to sort/dedup this for information that you want.
| rest /services/search/jobs
Search = | rest /services/saved/searches | table title search
If I execute the search from this app:
http://hostname:8000/en-US/app/search/dashboard_live
I get the same result set if I run the same search from one of our apps:
http://hostname:8000/en-US/app/metrics_abc/search_view
Both apps have different scheduled searches configured.
Seems to be retrieving searches for the search app only.
It seems that it is not returning all the scheduled searches for all the apps. Is there an ending point call for each app?
Thanks,
Lp
Yes. I did the work. The returned fields are the ones I need.
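On the per-app question raised in the thread, an added example that is not from any of the posters: Splunk's REST API also serves saved searches under the namespaced path /servicesNS/<owner>/<app>/saved/searches, where "-" is a wildcard for all owners or all apps, and each entry carries is_scheduled and cron_schedule. The Python below builds that path and groups scheduled searches by app from an output_mode=json response; the function names and the sample response are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import quote


def saved_searches_path(owner="-", app="-"):
    """REST path for saved searches in a namespace ("-" = every owner / every app)."""
    return f"/servicesNS/{quote(owner, safe='')}/{quote(app, safe='')}/saved/searches"


def _truthy(value):
    # Assumption: is_scheduled may arrive as a JSON boolean or as "1"/"0",
    # so both forms are accepted.
    return value is True or str(value).strip().lower() in ("1", "true")


def scheduled_by_app(response_text):
    """Return {app: [(search name, cron schedule), ...]} for scheduled searches only."""
    grouped = defaultdict(list)
    for entry in json.loads(response_text).get("entry", []):
        content = entry.get("content", {})
        if not _truthy(content.get("is_scheduled")):
            continue  # saved but never run on a schedule
        app = entry.get("acl", {}).get("app", "unknown")
        grouped[app].append((entry.get("name"), content.get("cron_schedule")))
    return {app: sorted(items) for app, items in grouped.items()}


# Constructed sample of a response body (trimmed to the fields used here).
SAMPLE = json.dumps({"entry": [
    {"name": "Errors last hour",
     "acl": {"app": "search", "owner": "admin"},
     "content": {"is_scheduled": True, "cron_schedule": "0 * * * *"}},
    {"name": "ABC daily metrics",
     "acl": {"app": "metrics_abc", "owner": "lp"},
     "content": {"is_scheduled": "1", "cron_schedule": "15 6 * * *"}},
    {"name": "Ad hoc lookup",
     "acl": {"app": "metrics_abc", "owner": "lp"},
     "content": {"is_scheduled": False, "cron_schedule": ""}},
]})

if __name__ == "__main__":
    print(saved_searches_path())
    for app, searches in scheduled_by_app(SAMPLE).items():
        print(app, searches)
```

The same path works from the search bar with the rest command already shown in the thread, for example | rest /servicesNS/-/-/saved/searches, and the owning app of each row is in the eai:acl.app field.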