Trigger a workflow on every new search job result.
Workflows based on this trigger will search for new events every 5 minutes.

Parameters

Parameter | Description
Search Query | The search query specifying the data to search and the functions and operators to run.

For example: dataset=* | limit 100

For more information on building a search query, see the Cribl documentation.

Note: Do not use the sort field in the query since the trigger appends it automatically.

Sample Event

{
	"_time": 1753884392.779,
	"dataset": "$vt_jobs",
	"earliest": "-7d",
	"id": "1783394392438.BGKDEn",
	"latest": "now",
	"numStages": 1,
	"query": "dataset=\"$vt_dummy\"",
	"resolvedDatasets": [
		"$vt_dummy"
	],
	"sampleRate": 1,
	"setOptions": {},
	"status": "completed",
	"timeCompleted": 1753884393823,
	"timeCreated": 1753884392779,
	"timeStarted": 1753884393267,
	"type": "standard",
	"user": "John Doe"
}