splunk-saved-searches
Get saved search list from Splunk server.
splunk-saved-searches [profile=PROFILE]
- profile=PROFILE
- The identifier of Splunk connect profile
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Connect profile | The identifier of Splunk connect profile |
| name | String | Name | |
| description | String | Description | |
| disabled | Bool | Disabled | |
| cron_schedule | String | Cron schedule | |
| next_scheduled_time | Date | Next scheduled time | |
| run_on_startup | Bool | Run on startup | |
| search | String | Search | Query string in SPL |
| alert_type | String | Alert type | e.g. always, number of events |
| alert_severity | Integer | Alert severity | e.g. 1 |
| alert_comparator | String | Alert comparator | e.g. greater than |
| alert_threshold | String | Alert threshold | |
| alert_suppress | Bool | Alert suppress | |
| alert_suppress_fields | String | Alert suppress fields | |
| alert_suppress_period | String | Alert suppress period | e.g. 60d |
| action_email_to | String | Email to | |
| action_email_cc | String | Email cc | |
| action_email_bcc | String | Email bcc | |
| action_email_subject | String | Email subject | |
| action_email_msg | String | Email message | |
| action_email_format | String | Email format | e.g. table |
| updated | Date | Updated |