Actually, it did point me to looking at rest interface, and coming up with a solution.

So the endpoint I want to use seems to be | rest servicesNS/-/-/admin/summarization.

For whatever reason, that doesn't give me back the names of the searches, but puts the name into a constructed field ending with .name, that has the name of the saved search into it. Since the output is a table, all 146 rows of the output had 146 *.name fields, where only one had the name with some other info I needed to strip into them.

I ended up with this query now, i may get some additional fields into it, but this is basically it:

| rest servicesNS/-/-/admin/summarization |fields author eai:acl.app eai:acl.owner summary.access_count summary.load_factor *.name | foreach *.name [eval searchname=coalesce(replace('<<FIELD>>',"([^;]+;[^;]+;)(.+)","\2"),searchname)] | fields - *.name | sort summary.access_count

Should I mark yours as accepted answer now, because it made me look in the right direction?

knielson,

I would mark it as answered - sometimes a good pointer is all the answer that's needed. And by the way, we really appreciate you spending the time to write up what you found, because that's what's really helpful to those who search for these keywords later and come across this answer!

Thanks,
Rich

Yeah, I will.

And now I am digging into "does access count=0 really means it is never used?". From 146 accelerated searches in our system, 98 have access count 0, many of those with a load factor > 0.5. That seems brutal if I understand the docs correctly. 🙂