- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all,
I'm trying to define splunk saved-search using the splunk CLI.
In order to enable scheduling of a saved search, I identified the option "enableSched" in the savedsearch.conf. I would like to enable this option. However it looks like enableSched is not supported on the CLI.
However it looks like the parameter is not supported:
/opt/splunk/bin/splunk edit saved-search -name 'Test123' -enableSched '1'
An error occurred:
In handler 'savedsearch': Argument "enableSched" is not supported by this handler.
Is there another possiblity to enable scheduling of a report from the command line?
Also is there any possiblity to get a list of all possible parameters of splunk? Looks like /bin/splunk help does not provide much detail in this case and the splunk online documentation about the CLI does not provide such detail.
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Instead of setting "enableSched", try "is_scheduled" instead. This should work:
/opt/splunk/bin/splunk edit saved-search -name 'Test123' -is_scheduled '1'
I'm making a bug report to get them to make this more intuitive.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Instead of setting "enableSched", try "is_scheduled" instead. This should work:
/opt/splunk/bin/splunk edit saved-search -name 'Test123' -is_scheduled '1'
I'm making a bug report to get them to make this more intuitive.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
glad I found this!
