Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Limitation to search query ?

rakesh_498115
Motivator
‎09-05-2012 11:05 AM

Hi,

I have written a search query and saved it as a Saved Search.Now can i restrict this SavedSearch to be executed only once perday..i.e When i click on the savedsearch it should run and fetch the desired results for me only once per day and so that if i try to excute the same saved search again , it should throw error sayin "Search OPeration not allowed " like this..

Is this possible in splunk ?? or can we have any idea of this sort applicable to splunk ?? if so can you please provide me a solution...

thanx.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-05-2012 11:30 AM

You can schedule a search to run once a day. You can set permissions on the search so that only a limited set of people have access to it (even read access will allow a person to run the search).

You can also find the search in savedsearches.conf and add this to the stanza:

is_visible = false

Now the search will not show up in any menu, even for roles that have read permission. However, the search will still be visible in the Manager -> Searches and Reports for those that have read permissions.

AFAIK, this is the best that you can do to prevent the search from being run. There is no setting that prevents the search from being run more than once a day.

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-05-2012 11:30 AM

You can schedule a search to run once a day. You can set permissions on the search so that only a limited set of people have access to it (even read access will allow a person to run the search).

You can also find the search in savedsearches.conf and add this to the stanza:

is_visible = false

Now the search will not show up in any menu, even for roles that have read permission. However, the search will still be visible in the Manager -> Searches and Reports for those that have read permissions.

AFAIK, this is the best that you can do to prevent the search from being run. There is no setting that prevents the search from being run more than once a day.

Reply
Solved! Jump to solution

rakesh_498115
Motivator
‎09-05-2012 12:36 PM

thnx for the info..:)

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...