Query Saved Searches
Use the rest command to search for saved searches matching specified criteria.
| rest /servicesNS/<user>/<app>/saved/searches
e.g.
| rest /servicesNS/-/-/saved/searches
Reference:
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/rest
Useful fields in output
| Field Name | Remark / Sample Value |
|---|---|
| title | search name |
| search | actual SPL query |
| cron_schedule | e.g. 10 * * * * |
| description | friendly description |
| author | |
| disabled | 0=Enabled, 1=Disabled |
| dispatch.earliest_time | e.g. -1h@h |
| dispatch.latest_time | e.g. -0h@h |
| next_scheduled_time | time at which the saved search will run next |
| updated | time at which the saved search was last updated |
| action.email.to, action.email.cc, action.email.bcc | recipients of any email notification |
| eai:acl.app | the Splunk app in which the saved search resides |
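
The fields above can be combined into an audit of which enabled, scheduled searches send email outside your own domain. This is an added example, not part of the original page; `example.com` is a placeholder for your internal mail domain, and `splunk_server=local`, `count=0` and the `is_scheduled` field are not mentioned on the page.

```spl
| rest /servicesNS/-/-/saved/searches splunk_server=local count=0
| search disabled=0 is_scheduled=1
| eval internal_domain="example.com"
| eval recipient=mvappend('action.email.to', 'action.email.cc', 'action.email.bcc')
| eval recipient=split(replace(mvjoin(recipient, ","), "[;\s]+", ","), ",")
| mvexpand recipient
| eval recipient=lower(trim(recipient))
| where recipient!="" AND NOT like(recipient, "%@" . internal_domain)
| rename eai:acl.app AS app
| stats values(recipient) AS external_recipients BY title, app, author, cron_schedule, updated
| sort app, title
```

Each result row is one saved search with the external addresses it notifies, along with its owner, schedule and last update time, which is what you need to decide whether the notification is still expected.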