Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I count different types of Splunk searches

arpit_arora
Explorer
‎10-25-2017 01:39 PM

Hello, I am reading the following resource from Splunk documentation and I find that there are 8 types of searches in Splunk.
I am listing them below.
https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Search/Dispatchdirectoryandsearchartifacts

(1) Local ad hoc search
(2) Saved search
(3) Scheduled search
(4) Remote search
(5) Real-time search
(6) Replicated search
(7) Replicated scheduled search
(8) Report acceleration search

I am trying to understand how can I count the number of such searches.

Tags (1)
0 Karma
Reply

niketn
Legend
‎10-30-2017 08:41 AM

@arpit_arora , (Disitributed) Management Console or DMC built in to Splunk provides a lot of these insights. You have merged Search Modes (Real-Time, Historical, etc) and Search Types (Scheduled, Report Acceleration, Datamodel Acceleration etc) together.

You should check out following two Dashboards under DMC > Search

By Changing the Group By dropdown to Mode or Type, you should be able to gather analytical information as per your need. If not you can build your own query on top of these as per your use case.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

DalJeanis
Legend
‎10-25-2017 02:48 PM

Lots of those categories intermingle - some are run-time/past and some aren't.

As long as you are going for everything, you might as well add "skipped search" to the list.

0 Karma
Reply

lfedak_splunk
Splunk Employee
Splunk Employee
‎10-25-2017 01:55 PM

Hey @arpit_arora, saw this in the queue twice--this post is now live and the other one was closed. I edited to include the second title.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...