create_saved_search
Create and schedule saved searches in Splunk to automate recurring queries, generate reports, and share insights with team members.
Instructions
Create a saved search (report/automation) with optional scheduling and sharing. Use this to persist useful SPL queries and optionally schedule them via cron.\n\nOutputs: creation status and the applied configuration.\nSecurity: visibility and execution are constrained by permissions and chosen sharing level.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| name | Yes | ||
| search | Yes | ||
| description | No | ||
| earliest_time | No | ||
| latest_time | No | ||
| app | No | ||
| sharing | No | user | |
| is_scheduled | No | ||
| cron_schedule | No | ||
| is_visible | No |