splunk get-saved-eventtypes

Access an event type.

Description

Manage saved event types.

Synopsis

splunk get-saved-eventtypes
    --site <site>
    [--count <count>]
    [--sort_key <sort_key>]
    [--sort_dir <sort_dir>]

Arguments

site - (string)

     Site where this command will be executed
     Example: --site "site-1"
     Default: input.site      Attributes: required

count - (int)

     Limit the number of results returned. Set 0 to return all results.
     Example: --count 0
     Default: 0      Attributes: optional

sort_key - (string)

     Field name to use for sorting.
     Example: --sort_key "updated"
     Default: updated      Attributes: optional

sort_dir - (string)

     Response sort order.
     Example: --sort_dir "sort_dir-1"
     Default: _None_      Attributes: optional

     Validation:
         allowed values: asc, desc

Examples

Input:

!splunk get-saved-eventtypes

Output:

UPDATED                     AUTHOR  NAME
1970-01-01T05:30:00+05:30   nobody  internal_search_terms
1970-01-01T05:30:00+05:30   nobody  splunkd-access
1970-01-01T05:30:00+05:30   nobody  splunkd-log

Input:

x= !splunk get-saved-eventtypes

Output:

{
   "links": {
     "create": "/servicesNS/admin/-/saved/eventtypes/_new",
     "_reload": "/servicesNS/admin/-/saved/eventtypes/_reload",
     "_acl": "/servicesNS/admin/-/saved/eventtypes/_acl"
   },
   "origin": "https://localhost:8089/servicesNS/admin/-/saved/eventtypes",
   "updated": "2023-02-07T15:31:48+05:30",
   "generator": {
     "build": "dd0128b1f8cd",
     "version": "9.0.3"
   },
   "entry": [
     {
       "name": "internal_search_terms",
       "id": "https://localhost:8089/servicesNS/nobody/system/saved/eventtypes/internal_search_terms",
       "updated": "1970-01-01T05:30:00+05:30",
       "links": {
         "alternate": "/servicesNS/nobody/system/saved/eventtypes/internal_search_terms",
         "list": "/servicesNS/nobody/system/saved/eventtypes/internal_search_terms",
         "_reload": "/servicesNS/nobody/system/saved/eventtypes/internal_search_terms/_reload",
         "edit": "/servicesNS/nobody/system/saved/eventtypes/internal_search_terms",
         "disable": "/servicesNS/nobody/system/saved/eventtypes/internal_search_terms/disable"
       },
       "author": "nobody",
       "acl": {
         "app": "system",
         "can_change_perms": true,
         "can_list": true,
         "can_share_app": true,
         "can_share_global": true,
         "can_share_user": false,
         "can_write": true,
         "modifiable": true,
         "owner": "nobody",
         "perms": {
           "read": [
             "*"
           ],
           "write": [
             "admin"
           ]
         },
         "removable": false,
         "sharing": "system"
       },
       "content": {
         "color": "none",
         "description": "",
         "disabled": false,
         "eai:acl": null,
         "eai:appName": "system",
         "eai:userName": "nobody",
         "priority": 1,
         "search": "( \"After evaluating args\" OR \"Before evaluating args\" OR \"context dispatched for search=\" OR \"SearchParser - PARSING\" OR \"got search\" OR \"_dispatchNewSearch - search\" OR \"search:* - q\" OR ( decomposition fullsearch ) OR \"PAAAAAARSER! - search\" OR \"view:* - DECOMPOSITION\" OR \"Splunk.Module.SearchBar .setInputField\" OR ( typeahead prefix ) OR \"DEBUG HTTPServer - Deleting request=GET\" OR /en-US/api/search/typeahead )",
         "tags": []
       }
     }   
   ],
   "paging": {
     "total": 4,
     "perPage": 30,
     "offset": 0
   },
   "messages": []
 }
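
Added example (not part of the original page or the tool's own code): a Python sketch that takes a response shaped like the one captured in x above, flags shared event types whose write permissions go beyond a trusted role set, and compares paging.total with the number of entries returned so a partial listing is not mistaken for a full audit. SAMPLE, its second entry, and TRUSTED_WRITERS are constructed assumptions.

```python
# Constructed sample, trimmed to the fields used below and modelled on the
# response shown above. The second entry is hypothetical.
SAMPLE = {
    "entry": [
        {"name": "internal_search_terms",
         "acl": {"app": "system", "owner": "nobody", "sharing": "system",
                 "perms": {"read": ["*"], "write": ["admin"]}},
         "content": {"disabled": False, "search": "( typeahead prefix )"}},
        {"name": "example_custom_type",
         "acl": {"app": "search", "owner": "alice", "sharing": "global",
                 "perms": {"read": ["*"], "write": ["*"]}},
         "content": {"disabled": False, "search": "sourcetype=example"}},
    ],
    "paging": {"total": 4, "perPage": 30, "offset": 0},
}

# Assumption: roles that are expected to edit shared event types.
TRUSTED_WRITERS = {"admin"}


def audit_eventtypes(response, trusted_writers=TRUSTED_WRITERS):
    """Return one finding per event type that has a reviewable ACL or content issue."""
    findings = []
    for entry in response.get("entry", []):
        acl = entry.get("acl") or {}
        perms = acl.get("perms") or {}  # tolerate a missing or null perms block
        extra = set(perms.get("write") or []) - set(trusted_writers)
        issues = []
        # A shared event type is applied to other users' searches, so anyone
        # who can write it can change how their events are classified.
        if acl.get("sharing") in ("app", "global", "system") and extra:
            issues.append("shared and writable by: " + ", ".join(sorted(extra)))
        if not ((entry.get("content") or {}).get("search") or "").strip():
            issues.append("empty search string")
        if issues:
            findings.append({"name": entry.get("name"), "app": acl.get("app"),
                             "owner": acl.get("owner"), "issues": issues})
    return findings


def is_truncated(response):
    """True when the server reports more event types than this response contains."""
    total = (response.get("paging") or {}).get("total", 0)
    return total > len(response.get("entry", []))


if __name__ == "__main__":
    print(audit_eventtypes(SAMPLE))
    print("partial listing:", is_truncated(SAMPLE))
```

If is_truncated returns True, rerun the command with --count 0 before treating the audit as complete.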

Access Control

To use this command, you need access to the following:

Field              Value
Action             "read"
Service Type       "splunk"
Service Instance
Namespace
Object Type        "event"
Object ID

Please see Access Control for details.