Solved: Output saved searches by owner

ejread · ‎02-25-2013

To reduce duplication of efforts and clean up resource-intensive searches, I am trying to output a list of all saved searches, including the following attributes -

Name of search
Owner
Is it scheduled?
Schedule time
Search string

I have used the Splunk btool command, which provided everything except for the search owner. Is there any way to obtain this info?

jonuwz · ‎02-25-2013

This should get you started :

| rest /servicesNS/-/-/saved/searches | fields title *owner* *search* *schedule*

Run from the search bar

View solution in original post

jonuwz · ‎02-25-2013

This should get you started :

| rest /servicesNS/-/-/saved/searches | fields title *owner* *search* *schedule*

Run from the search bar

ejread · ‎02-26-2013

This worked great. I had to add the count argument to see them all, but this is exactly what we needed. thanks!

Output saved searches by owner

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation