Page tree
Skip to end of metadata
Go to start of metadata

Use this command to create saved searches.

To understand the syntax and examples, see:

Syntax

Note

Before you run the command, note the following points:

create -d <hostname> -u <username> [-v] [-s] -w <password> -p <portNumber> -e savedsearch –a <List of attributes> [-l <locale>]

  • Angle brackets (< >) indicate a variable value that needs to be user defined.
  • Square brackets ([ ]) indicate optional parameters.

The following table describes the parameters used in the syntax:

ParameterDescription
-a

Attributes of the entity that you want to create. You can specify multiple attributes by providing a comma-separated list.

This parameter must be in the format key=value. You can specify multiple attributes by providing a comma-separated list. For example, key1=value1,key2=value2.

Note: An attribute is a unit of information about the entity.

You can provide the following attributes to get details about a saved search:

  • queryName=<Saved Search Name>

    where <Saved Search Name> refers to the name you want to use to create the saved search.

  • queryString=<Query String>
    where <Query String> refers to the saved search query string.
  • (Optional) description=<Saved Search Description>
    where <Saved Search Description> refers to the optional description that you might want to provide for the saved search.

  • startTime=<Search Start Time>
    where <Search Start Time> refers to the saved search start time (in the Java long time format). If you provide this input, ensure that you also provide the endTime and absoluteTime inputs.
  • endTime=<Search End Time>
    where <Search End Time> refers to the saved search end time (in the Java long time format). If you provide this input, ensure that you also provide the startTime and absoluteTime inputs.
  • absoluteTime=<Boolean value>
    where <Boolean value> refers to the value true or false depending on whether or not the saved search time is an absolute value (custom time). Providing this input is only necessary if you are providing the startTime and endTime inputs.
  • relativeMinutes=<Relative time>
    where <Relative time> refers to the relative time (in minutes) that you are using for the saved search. You can use 5 (Last 5 minutes), 15 (Last 15 minutes), 60 (Last 60 minutes), 360 (Last 6 hours), 1440 (Last 24 hours), 2880 (Last 2 days), and 10080 (Last 7 days). If you are not providing a custom time range (absolute time), then you need to provide this input.
  • (Optional) share=<Boolean value>
    where <Boolean value> refers to the value true or false depending on whether or not the saved search must be public.
  • (Optional) chartType=<Type of chart>
    where <Type of chart> refers to the values bar, column, doughnut, pie, and line. This input is not required for creating a saved search. But supposing you want to use the resultant saved search to create a dashboard, then the Chart type field will default to the same value as specified while running the command. If you do not provide this input, this value is set to bar.
  • (Optional) summarizationField=<Field or tag name>
    where <Field or tag name> refers to an existing field name or tag name. This input is not required for creating a saved search. But supposing you want to use the resultant saved search to create a dashboard, then the Summarization Field is set to the same value as specified while running the command. If you do not provide this input, this value is set to HOST. While providing this value, the case is important; it must be the same as it appears on the UI. For example, COLLECTOR_NAME.
-d
Host name of the Console Server
-e

The entity that you want to create. Enter savedsearch.

-p
Port number of the Console Server.
-u
User name to use to connect with the Console Server.
-w
Password corresponding to the user name to use to connect with the Console Server.
-v
(Optional) Version of the IT Data Analytics product.
-s
(Optional) Indicates an HTTPS connection.
-l

(Optional) Indicates the locale in which you want to display messages when the command is run.

You can set one of the following locales:

  • English
  • Simplified Chinese
  • German
  • French

By default, the messages are displayed in the locale of the system on which the CLI is run.

The value can be set to one of the following depending on the locale you choose:

  • English: en
  • Simplified Chinese: chs
  • German: de
  • French: fr

Example: If you want to set the locale as Simplified Chinese, you need to specify, l=chs.

Example inputs

The following example provides the input for creating a saved search for the time context of "Last 7 days" (10080 minutes).

Note that this saved search is not marked as public and all the inputs containing the space character are enclosed in double quotes.

create -d localhost -u admin -w admin12345 -p 9797 -e savedsearch -a queryName="Star Query for relative time",queryString="*",description="Query with *",relativeMinutes=10080,share=false

The following example provides the input for creating a saved search for the time context, "Aug 16 2013 5:30 PM - Aug 23 2013 8:00 PM".

Note that this saved search is marked as public and all the inputs containing the space character are enclosed in double quotes.

create -d localhost -u admin -w admin12345 -p 9797 -e savedsearch -a queryName="Star Query for absolute time",queryString="*",description="Query with *",startTime=1376654400000,endTime=1377268200000,absoluteTime=true,share=true