Splunk Saved Search

Overview

This Snap checks the status of a Splunk saved search at a polling interval that you define. If the time taken to retrieve the search exceeds a configurable timeout limit, the Snap throws an exception.



Prerequisites

None.

Limitations and known issues

None.

Snap views

| View | Description | Examples of upstream and downstream Snaps |
| Input | This Snap has exactly one document input view. It may contain values to evaluate the JavaScript expression in the Saved search name property. Upstream Snap is optional. | |
| Output | This Snap has exactly one document output view and provides the document data stream for the search result. | |
Error

Error handling is a generic way to handle errors without losing data or failing the Snap execution. You can handle the errors that the Snap might encounter when running the pipeline by choosing one of the following options from the When errors occur list under the Views tab. The available options are:

  • Stop Pipeline Execution: Stops the current pipeline execution when the Snap encounters an error.
  • Discard Error Data and Continue: Ignores the error, discards that record, and continues with the remaining records.
  • Route Error Data to Error View: Routes the error data to an error view without stopping the Snap execution.

Learn more about Error handling in Pipelines.

Snap settings

Note:
  • Suggestion icon: Indicates a list that is dynamically populated based on the configuration.
  • Expression icon: Indicates whether the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.
  • Add icon (Plus Icon): Indicates that you can add fields in the field set.
  • Remove icon (Minus Icon): Indicates that you can remove fields from the field set.
Field / Field set | Type | Description

Label | String

Required. Specify a unique name for the Snap. Modify this to be more appropriate, especially if the pipeline contains more than one of the same Snap.

Default value: Splunk Saved Search

Example: MyApp_Log_Data

Saved search name | String/Expression

Required. Specify the search query that has been saved in Splunk. Click the Suggest button in the property to list all saved searches.

Default value: N/A

Example: License Usage Data Cube

Polling interval | Integer

Required. Specify the polling interval in seconds while waiting for the completion of the search execution. At each polling interval, the Snap checks the status of the search execution.

Maximum value: 60

Default value: 5

Example: 5

Polling timeout | Integer

Required. Specify the polling timeout in seconds to wait for the completion of the search execution. If the timeout occurs while waiting for the completion of the search execution, the Snap throws an exception.

Minimum value: 10

Default value: 300

Example: 300

Snap execution | Dropdown list

Select one of the three modes in which the Snap executes. Available options are:
  • Validate & Execute. Performs limited execution of the Snap and generates a data preview during pipeline validation. Subsequently, performs full execution of the Snap (unlimited records) during pipeline runtime.
  • Execute only. Performs full execution of the Snap during pipeline execution without generating preview data.
  • Disabled. Disables the Snap and all Snaps that are downstream from it.
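
The following Python sketch is an added illustration, not SnapLogic or Splunk code. It models how the Polling interval and Polling timeout settings interact as documented above: one status check per interval, and an exception once the timeout elapses. The names `wait_for_search`, `SearchTimeout` and `FakeClock` are hypothetical, and the status check is a constructed stand-in for the real search job.

```python
import time

MAX_POLL_INTERVAL = 60   # "Maximum value: 60" for Polling interval
MIN_POLL_TIMEOUT = 10    # "Minimum value: 10" for Polling timeout


class SearchTimeout(Exception):
    """The search did not complete within the polling timeout."""


class FakeClock:
    """Constructed stand-in for real time: sleep() advances it instantly."""
    def __init__(self):
        self.now = 0.0

    def time(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds


def wait_for_search(is_done, interval=5, timeout=300,
                    clock=time.monotonic, sleep=time.sleep):
    """Check is_done() every `interval` seconds; return the number of checks.

    Raises SearchTimeout if `timeout` seconds elapse before completion.
    """
    # The page gives only an upper bound; rejecting <= 0 is an assumption.
    if not 0 < interval <= MAX_POLL_INTERVAL:
        raise ValueError("polling interval must be in (0, 60] seconds")
    if timeout < MIN_POLL_TIMEOUT:
        raise ValueError("polling timeout must be at least 10 seconds")
    deadline = clock() + timeout
    checks = 0
    while True:
        checks += 1
        if is_done():
            return checks
        remaining = deadline - clock()
        if remaining <= 0:
            raise SearchTimeout(f"search not complete after {timeout}s")
        # Never sleep past the deadline, so the timeout is honoured exactly.
        sleep(min(interval, remaining))


if __name__ == "__main__":
    fake = FakeClock()
    # Constructed scenario: the search completes 12 seconds after dispatch.
    n = wait_for_search(lambda: fake.now >= 12, clock=fake.time, sleep=fake.sleep)
    print(f"done after {n} status checks, {fake.now:.0f}s elapsed")
```

With the default 5-second interval, a search that finishes after 12 seconds is only seen as complete at the 15-second check, so a larger interval adds latency while a smaller one adds status requests.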

Examples