Create search job in Splunk.
Application
Splunk
Inputs (what you have)
Name | Description | Data Type | Required? | Example |
Connected Account | The connected account to use for the request | Connected Account | Yes | |
Query | Search language string to execute, in Splunk's Search Processing Language | Text (Long) | Yes | |
Ad hoc search level | | Predefined Choice List | No | |
Auto-cancel after (seconds) | Seconds after which the search job automatically cancels | Number | No | |
Auto-finalize after (num events) | Auto-finalize the search after at least this many events are processed | Number | No | |
Auto pause after (seconds) | Seconds of inactivity after which the search job automatically pauses | Number | No | |
Earliest index | The earliest index time for the search (inclusive) | Datetime | No | |
Earliest time | The earliest cut-off for the search (inclusive) | Datetime | No | |
Exec mode | | Predefined Choice List | No | |
Indexed real time offset | Seconds of disk sync delay for indexed real-time search | Number | No | |
Latest index | The latest index time for the search (inclusive) | Datetime | No | |
Latest time | The latest cut-off for the search (inclusive) | Datetime | No | |
Max time | Number of seconds to run this search before finalizing. Enter 0 to never finalize | Number | No | |
Namespace | Application namespace in which to restrict searches | Text (Short) | No | |
Reduce frequency | How frequently to run the MapReduce reduce phase on accumulated map values | Number | No | |
Remote server list | Comma-separated list of (possibly wildcarded) servers from which raw events should be pulled. This same server list is to be used in subsearches | Text (Long) | No | |
Reuse limit (seconds) | How many seconds back to check whether an identical search was already started; if one was, that job’s search ID is returned instead of starting a new job | Number | No | |
Required field | Name of a required field to add to the search. Even if not referenced or used directly by the search, a required field is still included in events and summary endpoints | Text (Short) | No | |
Search mode | | Predefined Choice List | No | |
Status buckets | The maximum number of status buckets to generate. Set to 0 to generate no timeline information | Number | No | |
Timeout | Number of seconds to keep this search after processing has stopped | Number | No | |
Workload pool | New workload pool where the existing running search should be placed | Text (Short) | No | |
Outputs (what you get)
Name | Description | Data Type | Required? | Example |
JSON Output | JSON output returned by the API | Text (Long) | No | |
Outcomes
Name | Description |
Success | This status is selected if the job has successfully completed. |
Unsuccessful | This status is selected if the job has completed unsuccessfully. |
Requirements
N/A