Get Search Job Results
Access the search results by a specific search's ID.
External Documentation
To learn more, visit the Splunk documentation.
Basic Parameters
| Parameter | Description |
|---|---|
| Output Mode | Specifies the format for the returned output. |
| Search ID | The ID of the search for which to get results. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Add Summary To Metadata | - |
| Count | The maximum number of results to return. If value is set to 0, then all available results are returned. |
| Offset | The first result (inclusive) from which to begin returning data. This value is 0-indexed. Default value is 0. In 4.1+, negative offsets are allowed and are added to count to compute the absolute offset (for example, offset=-1 is the last available offset). Offsets in the results are always absolute and never negative. |
Example Output
{
"init_offset": 0,
"messages": [
{
"text": "base lispy: [ AND index::_internal source::*/metrics.log ]",
"type": "DEBUG"
},
{
"text": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Applications/splunk/etc\"",
"type": "DEBUG"
}
],
"preview": false,
"results": [
{
"index": "_internal",
"source": "/Applications/splunk/var/log/splunk/metrics.log",
"sourcetype": "splunkd"
},
{
"index": "_internal",
"source": "/Applications/splunk/var/log/splunk/metrics.log",
"sourcetype": "splunkd"
},
{
"index": "_internal",
"source": "/Applications/splunk/var/log/splunk/metrics.log",
"sourcetype": "splunkd"
}
]
}
Workflow Library Example
Get Search Job Results with Splunk and Send Results Via Email
Preview this Workflow on desktop