Splunk search for Scheduled searches that run duplicate times
Copy
index=_internal sourcetype=scheduler scheduled_time=* savedsearch_name=* | stats count by scheduled_time, savedsearch_name | search count>1 | table savedsearch_name count | rename savedsearch_name as "Search Name" count as "Number of Times This Search Runs Each Time it is Called"
This search will provide a table of saved searches that seem to be running duplicate times. This search checks for scheduled searches that run at exactly the same time.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment