update_saved_search
Modify an existing saved search's configuration including query, scheduling, time ranges, and visibility settings while preserving unchanged parameters.
Instructions
Update an existing saved search's configuration including query, scheduling, and other properties. Allows selective modification of saved search parameters while preserving unchanged settings. Supports updating search logic, time ranges, scheduling configuration, and visibility settings for flexible search management.\n\nArgs:\n name (str): Name of the saved search to update (required)\n search (str, optional): New SPL search query\n description (str, optional): New description text\n earliest_time (str, optional): New default earliest time (e.g., '-24h@h', '-7d', '2024-01-01T00:00:00')\n latest_time (str, optional): New default latest time (e.g., 'now', '@d', '2024-01-02T00:00:00')\n is_scheduled (bool, optional): Enable or disable scheduled execution\n cron_schedule (str, optional): New cron expression for scheduling\n is_visible (bool, optional): Show or hide in Splunk UI\n app (str, optional): Application context for saved search lookup\n owner (str, optional): Owner context for saved search lookup\n\nResponse Format:\nReturns dictionary with 'status', 'name', 'updated', 'changes_made', and 'updated_at' fields.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| name | Yes | ||
| search | No | ||
| description | No | ||
| earliest_time | No | ||
| latest_time | No | ||
| is_scheduled | No | ||
| cron_schedule | No | ||
| is_visible | No | ||
| app | No | ||
| owner | No |