Hi,
I have a scheduled report named ABC running every night at 1:00AM. It is owned by user USER for Application XYZ.
What is the search syntax to load this in a search application?
I used:
| loadjob savedsearch="USER:XYZ:ABC"
I am getting an error that says, artifacts not found.
What I would like is to use the results from this report, run some stats and OUTPUT to another CSV to be used for some of the drop down menus I have in my dashboard. My report is very large and drop down menus are taking longer when I run queries using scheduled report as reference.
Thanks,
HI @mbasharat
You do have the correct syntax of
| loadjob savedsearch="USER:XYZ:ABC"
A few things you could do
1) Go to Search, Reports and Alerts; find the saved search and then do View Recent. If there isn't a view recent then the report didn't run.
2) Activity -> Jobs -> Search for the job name
3) If you have access to the _internal index then search for it. Maybe there's some information about the job. For example
index=_internal "ABC"
12-28-2018 17:34:55.337 +0000 INFO SavedSplunker - savedsearch_id="nobody;search;ABC", search_type="scheduled", user="USER", app="search", savedsearch_name="ABC", priority=default, status=success, digest_mode=1, scheduled_time=1546017600, window_time=0, dispatch_time=1546017600, run_time=894.569, result_count=477, alert_actions="", sid="scheduler__USER__search__RMD5b823e1cbe61b853a_at_1546017600_8337", suppressed=0, thread_id="AlertNotifierWorker-0"
HI @mbasharat
You do have the correct syntax of
| loadjob savedsearch="USER:XYZ:ABC"
A few things you could do
1) Go to Search, Reports and Alerts; find the saved search and then do View Recent. If there isn't a view recent then the report didn't run.
2) Activity -> Jobs -> Search for the job name
3) If you have access to the _internal index then search for it. Maybe there's some information about the job. For example
index=_internal "ABC"
12-28-2018 17:34:55.337 +0000 INFO SavedSplunker - savedsearch_id="nobody;search;ABC", search_type="scheduled", user="USER", app="search", savedsearch_name="ABC", priority=default, status=success, digest_mode=1, scheduled_time=1546017600, window_time=0, dispatch_time=1546017600, run_time=894.569, result_count=477, alert_actions="", sid="scheduler__USER__search__RMD5b823e1cbe61b853a_at_1546017600_8337", suppressed=0, thread_id="AlertNotifierWorker-0"