Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I query an already existing report?

JustRoot
Path Finder
‎08-15-2017 07:25 AM

I am looking to write an alert that would query a report I have saved that runs every day. I would like it to look for certain fields in the report and if they match, to perform an action, is this possible?

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sbbadri
Motivator
‎08-15-2017 09:50 AM

try this,

| savedsearch your_report_name | fields * | .......

please check below link,

https://docs.splunk.com/Documentation/SplunkCloud/6.5.1/SearchReference/Savedsearch

View solution in original post

Reply
Solved! Jump to solution

cmerriman
Super Champion
‎08-15-2017 10:48 AM

i would use loadjob. http://docs.splunk.com/Documentation/Splunk/6.6.2/SearchReference/Loadjob

Loadjob will use the results from a previously ran report, just make sure your time range encompasses the entire time frame of the report. In other words, if the report was ran this morning, but covered data for the previous month, make sure that you run loadjob for the previous month to now, at least that's my experience. You also need to make sure you're saving the results long enough. If you need to access the results only every 24 hours, then you only need to save them for 24 hours.

|loadjob savedsearch="username:appname:savedsearchname" |search field1=x.....

or use |where field1=field2 or just |fields field1 field2 depending on what you're trying to accomplish, exactly.

Reply
Solved! Jump to solution
Solution

sbbadri
Motivator
‎08-15-2017 09:50 AM

try this,

| savedsearch your_report_name | fields * | .......

please check below link,

https://docs.splunk.com/Documentation/SplunkCloud/6.5.1/SearchReference/Savedsearch

Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...