Create Search Job
Create a new Search Job based on a search query string.
External Documentation
To learn more, visit the Splunk documentation.
Basic Parameters
| Parameter | Description |
|---|---|
| Earliest Time | Specify a time string. Sets the earliest (inclusive), respectively, time bounds for the search. |
| Latest Time | Specify a time string. Sets the latest (exclusive), respectively, time bounds for the search. |
| Search Query | The search query the created job will run. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Ad Hoc Search Level | The search level of the created search. For more information, refer to the Splunk Documentation. |
| Custom ID | Optional string to specify the search ID (<sid>). If unspecified, a random ID is generated. |
| Execution Mode | If set to normal, runs an asynchronous search. If set to blocking, returns the sid when the job is complete. If set to oneshot, returns results in the same call. In this case, you can specify the format for the output (for example, json output) using the output_mode parameter as described in GET search/jobs/export. Default format for output is xml. Does not return the search ID. |
| Search Mode | If set to realtime, search runs over live data. A real-time search may also be indicated by earliesttime and latesttime variables starting with 'rt' even if the searchmode is set to normal or is unset. For a real-time search, if both earliesttime and latest_time are both exactly 'rt', the search represents all appropriate live data received since the start of the search. |
Example Output
{
"sid": "1684851655.78"
}
Workflow Library Example
Create Search Job with Splunk and Send Results Via Email
Preview this Workflow on desktop