Attempting to build some monitoring whereby we run a Splunk search from the command line interface (CLI) over a given timerange and that returns a certain count and then uses that count to trigger off alarms. I'm able to successfully get it all set up and the search is running successfully - but every time it runs, in addition to the count, it also returns "INFO: Your timerange was substituted based on your search string." Here's an example of the search we're running:
./search 'index=sandbox EventType=Content_Failed earliest=-15m@m |stats count'
This returns the INFO line above and then the count of "0" when things are good. The problem is that the INFO line is being interpreted by our third party system as part of the output of the search and ends up triggering off false alarms.
Is there any way to prevent that INFO line from appearing when running a CLI search with a specified timerange?
↧