Search Splunk

Synopsis

Reads search results from a Splunk® server.

Description

This operator can be used to query a Splunk® server based on a query term and returns the results as an example set. Search results can be restricted by specifying a time frame.

Input

connection

This input port expects a Connection object, if one is used. See the connection entry parameter for more information.

Output

result

The example set consisting of the search results.

connection

This output port delivers the Connection object from the input port. If the input port is not connected, the port delivers nothing.

Parameters

Connection source

This parameter indicates how the connection should be specified. It gives you two options, predefined and repository. The parameter is not visible if the connection input port is connected.

Connection entry

This parameter is only available when the connection source parameter is set to repository. This parameter is used to specify a repository location that represents a connection entry. The connection can also be provided using the connection input port.

Connection

The Splunk® connection to use. This parameter is only available when the connection source parameter is set to predefined. Select a connection from the dropdown or click the button to create a new one.

Query

The Splunk® query in Splunk Process Language (SPL).

Earliest time

If this parameter is set, it specifies the earliest time in the time range to search.

Latest time

If this parameter is set, it specifies the latest time in the time range to search.

Pagination

If set, only a limited number of results will be returned, starting from a given offset.

Offset

Offset from which the result set should start.

Limit

Maximum number of results to return.