Splunk Search

Load Saved Results via CLI

clincg
Path Finder

Does anyone know how to load saved results from a previous search via CLI command? The documentation suggests that we can run saved search via CLI command, but there is no mention of loading saved results from a previous search via CLI.

The reason I asked is that we often run search over a large set of data that will take a long time to run (over a few hours), after the search, we would like to save the search result and export the large result set over CLI commands later. Currently the UI limits the export to 10,000 rows.

Thanks!

Tags (1)
1 Solution

ftk
Motivator

Take a look at the loadjob command. You can load the results set of a previously executed job if you know either the job's ID or the name of the saved search run. This should work just fine from the CLI.

View solution in original post

ftk
Motivator

Take a look at the loadjob command. You can load the results set of a previously executed job if you know either the job's ID or the name of the saved search run. This should work just fine from the CLI.

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...