Run Search
Create a new Search Job based on a search query string, and get the search results. Note: If the search time reaches the action timeout limit, the action will return a timeout error and the search job ID.
Basic Parameters
| Parameter | Description |
|---|---|
| Ad Hoc Search Level | The search level of the created search. For more information, refer to the Splunk Documentation. |
| Earliest Time | Specify a time string. Sets the earliest (inclusive), respectively, time bounds for the search. |
| Execution Mode | If set to normal, runs an asynchronous search. If set to blocking, returns the sid when the job is complete. If set to oneshot, returns results in the same call. In this case, you can specify the format for the output (for example, json output) using the output_mode parameter as described in GET search/jobs/export. Default format for output is xml. Does not return the search ID. |
| Latest Time | Specify a time string. Sets the latest (exclusive), respectively, time bounds for the search. |
| Output Mode Results | Specifies the format for the returned output. |
| Search Mode | If set to realtime, search runs over live data. A real-time search may also be indicated by earliest_time and latest_time variables starting with 'rt' even if the search_mode is set to normal or is unset. For a real-time search, if both earliest_time and latest_time are both exactly 'rt', the search represents all appropriate live data received since the start of the search. |
| Search Query | The search query the created job will run. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Add Summary To Metadata | Select to include field summary statistics in the response. |
| Custom ID | Optional string to specify the search ID (<sid>). If unspecified, a random ID is generated. |
Workflow Library Example
Run Search with Splunk and Send Results Via Email
Preview this Workflow on desktop