Don't give un-necessary load to your Splunk..:P.... use loadjob command instead.
github: https://github.com/mycyberly/Splunk-learning/blob/main/Search-commands/loadjob
Reach out to me at: https://www.linkedin.com/in/my-cyberly-6a5a0024a/
loadjob: loadjob command (it comes under generating commands category) loads events or results of a previously completed search job. you can load the results in two way
1. by specifying the search job id sid or a
2. by specifying the scheduled search name and the time range of the current search. If a saved search name is provided and multiple results are found within that range, the latest result will be loaded.
index=_internal sourcetype=splunkd group=* component=* thread=* | table _time group component thread
Benefit: You can load your old search results and work on that. That means if you want to add some more filters to previous search result then you need not to run the new search, instead you can load or call the previous completed search / or saved search results and then add you filters on top of that.
#Splunk
# References :
https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/SearchReference/Loadjob
