How to pass parameter not starting with args to sa...

Splunk Dev

Normally we can pass parameter to saved search by args.* form, but how to pass parameter not starting with args. such as $host$. In spl, savedsearch can pass parameter correctly, but if I invoke saved search dispatch action by rest api, parameter not starting with args can't be accepted, it will return an error.

Sample saved search query with host as one of the parameters that I want to substitute at runtime:

index=fooindex sourcetype=foosourcetype host=$args.host$

Sample JS code to dispatch with argument substitution:

mySavedSearch.dispatch({"args.host": "foohost"}, function(err, job) {

Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

Are you a member of the Splunk Community?