Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Limitation to search query ?

rakesh_498115
Motivator
‎09-05-2012 11:05 AM

Hi,

I have written a search query and saved it as a Saved Search.Now can i restrict this SavedSearch to be executed only once perday..i.e When i click on the savedsearch it should run and fetch the desired results for me only once per day and so that if i try to excute the same saved search again , it should throw error sayin "Search OPeration not allowed " like this..

Is this possible in splunk ?? or can we have any idea of this sort applicable to splunk ?? if so can you please provide me a solution...

thanx.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-05-2012 11:30 AM

You can schedule a search to run once a day. You can set permissions on the search so that only a limited set of people have access to it (even read access will allow a person to run the search).

You can also find the search in savedsearches.conf and add this to the stanza:

is_visible = false

Now the search will not show up in any menu, even for roles that have read permission. However, the search will still be visible in the Manager -> Searches and Reports for those that have read permissions.

AFAIK, this is the best that you can do to prevent the search from being run. There is no setting that prevents the search from being run more than once a day.

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-05-2012 11:30 AM

You can schedule a search to run once a day. You can set permissions on the search so that only a limited set of people have access to it (even read access will allow a person to run the search).

You can also find the search in savedsearches.conf and add this to the stanza:

is_visible = false

Now the search will not show up in any menu, even for roles that have read permission. However, the search will still be visible in the Manager -> Searches and Reports for those that have read permissions.

AFAIK, this is the best that you can do to prevent the search from being run. There is no setting that prevents the search from being run more than once a day.

Reply
Solved! Jump to solution

rakesh_498115
Motivator
‎09-05-2012 12:36 PM

thnx for the info..:)

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...