Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to Configure Sequential Searches...

lpolo
Motivator
‎03-14-2012 07:07 AM

I have 5 queries that have to be run in sequential order.
Is there a way in Splunk to schedule 5 searches like presented in the example? 

Example:
Schedule Search 1 -> Runs every 2 hours.
Search 2 -> Runs after schedule search 1 is executed.
Search 3 -> Runs after search 2 is executed.
Search 4 -> Runs after search 3 is executed.
Search 5 -> Runs after search 4 is executed.

Any ideas will be appreciated.

Thanks,
Lp

Tags (1)
Reply

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎03-17-2012 01:19 PM

The best way to solve this is through a script which has the flexibility of deciding when to dispatch the searches. You can decide whether to wait for a search to complete before dispatching the next one, or maybe dispatch a couple of them in parallel, or even modify a search based on the results of the previous search.

0 Karma
Reply

lpolo
Motivator
‎03-17-2012 04:38 AM

I have been able to solve this problem in two ways.
1) By determining the max execution time of every scheduled search and then configure the schedule search time of each search accordingly. This approach has its limitations.

2) By creating a script that assures that the set of searches are executed in the define sequential order based on the result set data flow.

It will be nice if the user could use the search scheduler to define the execution order of a set scheduled searches base on the result set data flow as presented in the example.

Thanks.
Lp

0 Karma
Reply

reed_kelly
Contributor
‎07-12-2012 07:16 AM

I agree that this would be a nice enhancement. We have created a lot of independant scheduled searches along with emails of attached CSV reports. We could convert it all to a script, but we have tried to do everything natively.

0 Karma
Reply

lpolo
Motivator
‎03-15-2012 04:38 AM

Yes. I have a sequential inter-dependency as I presented in the example.

Thanks.

0 Karma
Reply

lguinn2
Legend
‎03-14-2012 03:19 PM

Does each search have to wait until the prior search completes?

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...