I know it has been a while since you asked this @axelmunoz but this might be able to help others since I couldn't find any results either and had to make something. If I made any bad assumptions please correct me. Alternate definition for an artifact: "An artifact is a saved search job that has not reached its ttl yet per search,user,app" This returns all of the artifacts SIDs then makes an event for each and uses the map command to loop through them loading in the results.  | rest /services/search/jobs | rename eai:acl.app as app | table author label app defaultTTL ttl diskUsage dispatchState isDone id isFailed isSavedSearch delegate published sid ```extra fields for human``` | where isDone=1 AND like(label,"PutSavedSearchNameHere") ```update this with the name of the search you want. probably smart to add app and user too``` | stats values(sid) as sid by label app author ```this version will be limited by values() max. Use count and mvrange instead if you need over values() max``` | mvexpand sid | map maxsearches=50000 search="| loadjob $sid$" ... View more