Splunk search for Skipped searches by app
Copy
index = _internal sourcetype=scheduler status=skipped
| stats count by app search_type reason savedsearch_name host
| sort - count | rename count as Count, app as App, search_type as "Search Type", reason as Reason, savedsearch_name as "Search Name", host as Host
This search will provide a list of skipped searches separated out by the app that they belong to. This will list the results in a table including the app context, search type, reason it was skipped, name of the search and host it was run on.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment