Trigger a workflow on every new search job result.

Endpoint: /api/v1/m/default_search (Cribl Cloud) or /api/v1/search/jobs (Cribl On-Prem)

Workflows with this trigger check for new events every 5 minutes by default. You can adjust this interval in the Trigger settings.

Parameters

Parameter | Description
Search Query | The search query specifying the data to search and the functions and operators to run.

For example: dataset=* | limit 100

For more information on building a search query, see the Cribl documentation.

Note: Do not use the sort field in the query since the trigger appends it automatically.

Sample Event

{
	"_time": 1753884392.779,
	"dataset": "$vt_jobs",
	"earliest": "-7d",
	"id": "1783394392438.BGKDEn",
	"latest": "now",
	"numStages": 1,
	"query": "dataset=\"$vt_dummy\"",
	"resolvedDatasets": [
		"$vt_dummy"
	],
	"sampleRate": 1,
	"setOptions": {},
	"status": "completed",
	"timeCompleted": 1753884393823,
	"timeCreated": 1753884392779,
	"timeStarted": 1753884393267,
	"type": "standard",
	"user": "John Doe"
}