create
Use this command to create saved searches.
Syntax
create -d <hostname> -u <username> [-v] [-s] -w <password> -p <portNumber> -e savedsearch
-a queryName=<Saved Search Name>, queryString=<Query String>,
description=<Saved Search Description>, startTime=<Search Start Time>,
endTime=<Search End Time>, absoluteTime=<Boolean value>,
relativeMinutes=<Relative time>, share=<Boolean value>
- Angle brackets (< >) indicate a variable value that needs to be user defined.
- Square brackets ([ ]) indicate optional parameters.
The following table describes the parameters used in the syntax:
Example input
The following example provides the input for creating a saved search:
create -d localhost -u admin -w admin -p 9797 -e savedsearch -a
queryName="Star Query",queryString="*", description="Query with
*",startTime=1376654400000,endTime=1377268200000, absoluteTime=false,
relativeMinutes=10080,
share=false