Use this alert action in situations where Workload Management rules are not applicable, or where you need greater control of the execution settings.
This alert action accepts a list of SIDs, then uses the Splunk REST Search API to modify the corresponding search jobs.
Using this alert action you can:
* Finalize a job
* Pause a job
* Set the workload management pool
* Set the search priority
* Unpause a job
* Cancel a job
* Touch (extends the expiry to now + ttl)
* Set TTL
* Enable events preview
* Disable events preview
* Save
* Unsave
For more detail please refer to https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7D.2Fcontrol
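
The sketch below is an added example, not this app's own code. It shows how a list of SIDs and one of the actions above map onto POSTs to the `search/jobs/{search_id}/control` endpoint, validating the action and percent-encoding each SID before it is placed in the URL path. The function names are hypothetical, and the form field names (`ttl`, `priority`, `workload_pool`), the 0-10 priority range and bearer-token authentication are assumptions taken from the Splunk REST reference.

```python
from urllib.parse import quote, urlencode
from urllib.request import Request

# Control action -> extra form field it requires (None = no extra field).
# Field names are assumed from the REST reference linked above.
ACTIONS = {
    "finalize": None, "pause": None, "unpause": None, "cancel": None,
    "touch": None, "enablepreview": None, "disablepreview": None,
    "save": None, "unsave": None,
    "setttl": "ttl", "setpriority": "priority",
    "setworkloadpool": "workload_pool",
}

def build_control_request(base_url, token, sid, action, value=None):
    """Build (without sending) the POST that applies one action to one job."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    if not sid or sid != sid.strip():
        raise ValueError("empty or whitespace-padded SID")
    form = {"action": action}
    field = ACTIONS[action]
    if field is None and value is not None:
        raise ValueError(f"{action} takes no value")
    if field is not None:
        if value is None:
            raise ValueError(f"{action} requires {field}")
        if field == "priority" and not 0 <= int(value) <= 10:
            raise ValueError("priority must be 0-10")
        if field == "ttl" and int(value) <= 0:
            raise ValueError("ttl must be a positive number of seconds")
        form[field] = str(value)
    # Percent-encode the SID so a value containing "/" or "?" stays a single
    # path segment and cannot redirect the POST to a different endpoint.
    path = f"/services/search/jobs/{quote(sid, safe='')}/control"
    return Request(base_url.rstrip("/") + path, data=urlencode(form).encode(),
                   method="POST", headers={"Authorization": f"Bearer {token}"})

def build_batch(base_url, token, sids, action, value=None):
    """One request per SID; a bad SID is reported, not silently skipped."""
    requests, errors = [], {}
    for sid in sids:
        try:
            requests.append(build_control_request(base_url, token, sid, action, value))
        except ValueError as exc:
            errors[sid] = str(exc)
    return requests, errors
```

Each returned `Request` can be sent with `urllib.request.urlopen` against the management port of the search head that owns the job. The token used needs permission to control other users' jobs if the SIDs are not its own.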