Solved: Adding saved search using splunk CLI with enableSc...

hkaiser · ‎05-15-2014

Hello all,

I'm trying to define splunk saved-search using the splunk CLI.
In order to enable scheduling of a saved search, I identified the option "enableSched" in the savedsearch.conf. I would like to enable this option. However it looks like enableSched is not supported on the CLI.

However it looks like the parameter is not supported:

/opt/splunk/bin/splunk edit saved-search -name 'Test123' -enableSched '1'

An error occurred:

In handler 'savedsearch': Argument "enableSched" is not supported by this handler.

Is there another possiblity to enable scheduling of a report from the command line?

Also is there any possiblity to get a list of all possible parameters of splunk? Looks like /bin/splunk help does not provide much detail in this case and the splunk online documentation about the CLI does not provide such detail.

Thank you.

LukeMurphey · ‎08-11-2014

Instead of setting "enableSched", try "is_scheduled" instead. This should work:

/opt/splunk/bin/splunk edit saved-search -name 'Test123'  -is_scheduled '1'

I'm making a bug report to get them to make this more intuitive.

View solution in original post

LukeMurphey · ‎08-11-2014

Instead of setting "enableSched", try "is_scheduled" instead. This should work:

/opt/splunk/bin/splunk edit saved-search -name 'Test123'  -is_scheduled '1'

I'm making a bug report to get them to make this more intuitive.

arichman · ‎05-22-2015

glad I found this!

Adding saved search using splunk CLI with enableSched does not work

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases