Hi hylam,

assuming your saved search is named foo...

How do I list them?

 index=_audit savedsearch_name="foo" search_id='scheduler_*' 

Can I run a subsearch to list them and pick the 5th one?

 | loadjob [ search index=_audit savedsearch_name="foo" search_id='scheduler_*' | fields _time, search_id | sort - _time | head 5 | tail 1 | rename search_id AS search | eval search=replace(search, "\'","")  ]

Can I run a subsearch to list them and pick a random one?

| loadjob [ search index=_audit savedsearch_name="foo" search_id='scheduler_*' | fields _time, search_id | sort - _time  |  eval random=random() | eval random=substr(random, 1, 1) | table search_id, random | dedup random | where random="7" | rename search_id AS search | eval search=replace(search, "\'","") | fields - random ]

Some messy work around since tail and head don't like to use $boo$ values 😉

Hope this helps ...

cheers, MuS