Skip to content

splunk list-saved-searches

Access saved searches configuration.

Description

Access and create saved searches.

Synopsis

splunk list-saved-searches
    --site <site>
    [--count <count>]
    [--sort_key <sort_key>]
    [--sort_dir <sort_dir>]

Arguments

site - (string)

     Site where this command will be executed
     Example: --site "site-1"
     Default: input.site      Attributes: required

count - (int)

     Limit the number of results returned. Set 0 to return all results.
     Example: --count 0
     Default: 0      Attributes: optional

sort_key - (string)

     Field name to use for sorting.
     Example: --sort_key "updated"
     Default: updated      Attributes: optional

sort_dir - (string)

     Response sort order.
     Example: --sort_dir "sort_dir-1"
     Default: _None_      Attributes: optional

     Validation:
         allowed values: asc, desc

Examples

Input: 

!splunk list-saved-searches
Output: 
UPDATED                     AUTHOR  NAME                                
1970-01-01T05:30:00+05:30   nobody  Bucket Merge Retrieve Conf Settings 
1970-01-01T05:30:00+05:30   nobody  Errors in the last 24 hours         
1970-01-01T05:30:00+05:30   nobody  Errors in the last hour             
1970-01-01T05:30:00+05:30   nobody  License Usage Data Cube

Access Control

To use this command, you need access to the following:

Field Value
Action "read"
Service Type "splunk"
Service Instance
Namespace
Object Type "search"
Object ID

Please see Access Control for details.