Splunk

Last updated Aug 9, 2025

splunk-search

Runs a search and fetches the results from a Splunk server.

splunk-search [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [SPL]
profile=PROFILE
The identifier of the Splunk connection profile.
duration=NUM{mon|w|d|h|m|s}
Scan only recent data. Use one of the time units s (second), m (minute), h (hour), d (day), or mon (month). For example, 10s scans data from 10 seconds ago onward.
from=yyyyMMddHHmmss
Start time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
to=yyyyMMddHHmmss
End time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
[SPL]
This parameter is required, not optional. The square brackets are part of the syntax: the SPL (Splunk Processing Language) query you want to execute must be entered inside them.

Output Fields

Output fields are determined by the search query string.