Trigger a workflow on every new search job result.
Workflows based on this trigger will search for new events every 5 minutes.
Parameters
| Parameter | Description |
|---|---|
| Search Query | The search query specifying the data to search and the functions and operators to run.<br>For example: `dataset=* \| limit 100`<br>For more information regarding building a search query, visit Cribl documentation.<br>Note: Do not use the sort field in the query since the trigger appends it automatically. |
Sample Event
```json
{
  "_time": 1753884392.779,
  "dataset": "$vt_jobs",
  "earliest": "-7d",
  "id": "1783394392438.BGKDEn",
  "latest": "now",
  "numStages": 1,
  "query": "dataset=\"$vt_dummy\"",
  "resolvedDatasets": [
    "$vt_dummy"
  ],
  "sampleRate": 1,
  "setOptions": {},
  "status": "completed",
  "timeCreated": 1753884392779,
  "timeStarted": 1753884393267,
  "timeCompleted": 1753884393823,
  "type": "standard",
  "user": "John Doe"
}
```
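The following is an added example, not part of the integration's own documentation: a workflow-side helper that normalizes the timing fields of the sample event above and pre-checks a Search Query for a sort stage before it is saved in the trigger. It assumes, from the sample values, that `timeCreated`, `timeStarted` and `timeCompleted` are epoch milliseconds while `_time` is epoch seconds; the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed input: a subset of the fields from the page's Sample Event.
SAMPLE = {
    "_time": 1753884392.779, "id": "1783394392438.BGKDEn",
    "query": 'dataset="$vt_dummy"', "status": "completed", "user": "John Doe",
    "timeCreated": 1753884392779, "timeStarted": 1753884393267,
    "timeCompleted": 1753884393823,
}

def pipeline_stages(query):
    """Split a query on '|' while ignoring pipes inside double quotes."""
    stages, buf, quoted = [], [], False
    for ch in query:
        if ch == '"':
            quoted = not quoted
        if ch == "|" and not quoted:
            stages.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    stages.append("".join(buf).strip())
    return stages

def has_sort_stage(query):
    """True if any stage starts with 'sort' (the trigger appends its own)."""
    return any(s.lower().split()[:1] == ["sort"] for s in pipeline_stages(query))

def summarize_job(event):
    """Normalize timing fields; returns None for jobs that are not completed."""
    if event.get("status") != "completed":
        return None
    created, started, done = (
        event[k] for k in ("timeCreated", "timeStarted", "timeCompleted"))
    # Assumption: time* fields are epoch milliseconds, _time is epoch seconds.
    skew_ms = abs(round(event["_time"] * 1000) - created)
    return {
        "id": event["id"],
        "user": event["user"],
        "created_utc": datetime.fromtimestamp(created / 1000, tz=timezone.utc).isoformat(),
        "queued_ms": started - created,   # wait before the job started
        "run_ms": done - started,         # execution time
        "time_matches_created": skew_ms <= 1,
    }

if __name__ == "__main__":
    print(summarize_job(SAMPLE))
    print(has_sort_stage("dataset=* | limit 100"))
```

Recording `user`, `queued_ms` and `run_ms` per job gives a workflow a compact audit record of who ran which search and how long it took.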