Splunk Cloud Platform

Search Manual

Scheduling searches

You can schedule searches to run on a regular basis.

Option Description More information
Report After you save a search as a report, you can convert that report into a scheduled report. A scheduled report is a report that runs on a scheduled interval, and which can trigger an action each time the report runs. There are two actions available for scheduled reports: Send email and Run a script. See Schedule reports in the Reporting Manual.
Dashboard panel There are several options to create a scheduled report:
  • You can create a dashboard panel that is based on that scheduled report.
  • When you save an ad hoc search as a dashboard panel, the panel refers to the search as an inline search. You can edit the dashboard panel to convert the search to a report and then schedule the report.
See Working with dashboard panels in the Dashboards and Visualizations manual.
Alert You can create a scheduled alert to search for events on a regular schedule. You can configure scheduling, trigger conditions, and throttling to customize the alert. See Create scheduled alerts in the Alerting Manual.

See Also

Saving searches

Last modified on 24 March, 2017
Saving searches   About federated search

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2203, 8.2.2112, 8.2.2201, 8.2.2202, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters