splunk get-saved-eventtypes
Access an event type.
Description
Manage saved event types.
Synopsis
splunk get-saved-eventtypes
--site <site>
[--count <count>]
[--sort_key <sort_key>]
[--sort_dir <sort_dir>]
Arguments
site
- (string)
Site where this command will be executed
Example: --site "site-1"
Default: input.site
Attributes: required
count
- (int)
Limit the number of results returned. Set 0 to return all results.
Example: --count 0
Default: 0
Attributes: optional
sort_key
- (string)
Field name to use for sorting.
Example: --sort_key "updated"
Default: updated
Attributes: optional
sort_dir
- (string)
Response sort order.
Example: --sort_dir "asc"
Default: _None_
Attributes: optional
Validation:
allowed values: asc, desc
Examples
Input:
Output:
UPDATED AUTHOR NAME
1970-01-01T05:30:00+05:30 nobody internal_search_terms
1970-01-01T05:30:00+05:30 nobody splunkd-access
1970-01-01T05:30:00+05:30 nobody splunkd-log
{
  "links": {
    "create": "/servicesNS/admin/-/saved/eventtypes/_new",
    "_reload": "/servicesNS/admin/-/saved/eventtypes/_reload",
    "_acl": "/servicesNS/admin/-/saved/eventtypes/_acl"
  },
  "origin": "https://localhost:8089/servicesNS/admin/-/saved/eventtypes",
  "updated": "2023-02-07T15:31:48+05:30",
  "generator": {
    "build": "dd0128b1f8cd",
    "version": "9.0.3"
  },
  "entry": [
    {
      "name": "internal_search_terms",
      "id": "https://localhost:8089/servicesNS/nobody/system/saved/eventtypes/internal_search_terms",
      "updated": "1970-01-01T05:30:00+05:30",
      "links": {
        "alternate": "/servicesNS/nobody/system/saved/eventtypes/internal_search_terms",
        "list": "/servicesNS/nobody/system/saved/eventtypes/internal_search_terms",
        "_reload": "/servicesNS/nobody/system/saved/eventtypes/internal_search_terms/_reload",
        "edit": "/servicesNS/nobody/system/saved/eventtypes/internal_search_terms",
        "disable": "/servicesNS/nobody/system/saved/eventtypes/internal_search_terms/disable"
      },
      "author": "nobody",
      "acl": {
        "app": "system",
        "can_change_perms": true,
        "can_list": true,
        "can_share_app": true,
        "can_share_global": true,
        "can_share_user": false,
        "can_write": true,
        "modifiable": true,
        "owner": "nobody",
        "perms": {
          "read": [
            "*"
          ],
          "write": [
            "admin"
          ]
        },
        "removable": false,
        "sharing": "system"
      },
      "content": {
        "color": "none",
        "description": "",
        "disabled": false,
        "eai:acl": null,
        "eai:appName": "system",
        "eai:userName": "nobody",
        "priority": 1,
        "search": "( \"After evaluating args\" OR \"Before evaluating args\" OR \"context dispatched for search=\" OR \"SearchParser - PARSING\" OR \"got search\" OR \"_dispatchNewSearch - search\" OR \"search:* - q\" OR ( decomposition fullsearch ) OR \"PAAAAAARSER! - search\" OR \"view:* - DECOMPOSITION\" OR \"Splunk.Module.SearchBar .setInputField\" OR ( typeahead prefix ) OR \"DEBUG HTTPServer - Deleting request=GET\" OR /en-US/api/search/typeahead )",
        "tags": []
      }
    }
  ],
  "paging": {
    "total": 4,
    "perPage": 30,
    "offset": 0
  },
  "messages": []
}
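An added example, not part of the original reference or the tool's own code: a Python sketch that reads the JSON response shown above, lists each event type with its write permissions, flags objects writable by roles outside an assumed trusted set, and detects a partial listing from `paging`. The sample data is constructed from the output above plus one hypothetical entry (`demo_open_write`); `TRUSTED_WRITERS` and the reading of `paging.total` as the count of all matching objects are assumptions.

```python
import json

# Constructed sample: trimmed from the response shown above, plus one
# hypothetical entry ("demo_open_write") to exercise the write check.
SAMPLE = json.loads("""
{"entry": [
  {"name": "internal_search_terms", "author": "nobody",
   "updated": "1970-01-01T05:30:00+05:30",
   "acl": {"app": "system", "sharing": "system",
           "perms": {"read": ["*"], "write": ["admin"]}}},
  {"name": "demo_open_write", "author": "nobody",
   "updated": "1970-01-01T05:30:00+05:30",
   "acl": {"app": "search", "sharing": "global",
           "perms": {"read": ["*"], "write": ["*"]}}}
 ],
 "paging": {"total": 4, "perPage": 30, "offset": 0}}
""")

TRUSTED_WRITERS = {"admin"}  # assumption: roles allowed to edit event types


def review_eventtypes(response):
    """Return (rows, complete): one row per event type with ACL findings."""
    rows = []
    for entry in response.get("entry", []):
        acl = entry.get("acl") or {}
        perms = acl.get("perms") or {}  # tolerate a missing or null perms block
        writers = set(perms.get("write") or [])
        findings = []
        if "*" in writers:
            findings.append("writable by every role")
        elif writers - TRUSTED_WRITERS:
            extra = sorted(writers - TRUSTED_WRITERS)
            findings.append("writable by: " + ", ".join(extra))
        rows.append({"name": entry.get("name"), "author": entry.get("author"),
                     "updated": entry.get("updated"),
                     "sharing": acl.get("sharing"), "findings": findings})
    paging = response.get("paging") or {}
    # Assumption: total counts all matching objects, so fewer entries than
    # total (after the offset) means the listing is partial.
    seen = paging.get("offset", 0) + len(rows)
    complete = paging.get("total", seen) <= seen
    return rows, complete


if __name__ == "__main__":
    rows, complete = review_eventtypes(SAMPLE)
    for r in rows:
        status = "; ".join(r["findings"]) or "ok"
        print(f'{r["updated"]}  {r["author"]:8} {r["name"]:24} {status}')
    if not complete:
        print("partial listing: paging.total exceeds the entries returned")
```
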
Access Control
To use this command, you need access to the following:
Field | Value |
---|---|
Action | "read" |
Service Type | "splunk" |
Service Instance | |
Namespace | |
Object Type | "event" |
Object ID | |
Please see Access Control for details.