create


Use this command to create saved searches.

To understand the syntax and examples, see:

Related topics

Syntax

Note

Prefix this command with the following, as appropriate:

  • For Windows: itda.bat
  • For Linux: ./itda.sh

create -d <hostname> -u <username> [-v] [-s] -w <password> -p <portNumber> -e savedsearch -a <List of attributes>

  • Angle brackets (< >) indicate a variable value that needs to be user defined.
  • Square brackets ([ ]) indicate optional parameters.

The following table describes the parameters used in the syntax:

Example inputs

The following example provides the input for creating a saved search for the time context of "Last 7 days" (10080 minutes).

Note that this saved search is not marked as public and all the inputs containing the space character are enclosed in double quotes.

create -d localhost -u admin -w admin -p 9797 -e savedsearch -a queryName="Star Query for relative time",queryString="*",description="Query with *",relativeMinutes=10080,share=false

The following example provides the input for creating a saved search for the time context, "Aug 16 2013 5:30 PM - Aug 23 2013 8:00 PM".

Note that this saved search is marked as public and all the inputs containing the space character are enclosed in double quotes.

create -d localhost -u admin -w admin -p 9797 -e savedsearch -a queryName="Star Query for absolute time",queryString="*",description="Query with *",startTime=1376654400000,endTime=1377268200000,absoluteTime=true,share=true
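
The following added example (not part of the product documentation) shows how the time values in the two examples above can be derived in a POSIX shell: relativeMinutes from a number of days, and startTime and endTime as epoch milliseconds. It assumes GNU date; the function names are hypothetical, and the +0530 offset is an inference from the example values, which match the stated times at UTC+05:30.

```shell
#!/bin/sh
# Added example: derive the time-context attributes for "create -e savedsearch".
# Assumes GNU date (for -d). Function names are hypothetical, not part of the CLI.

# Convert a timestamp that carries an explicit UTC offset to epoch milliseconds.
epoch_ms() {
    secs=$(date -u -d "$1" +%s 2>/dev/null) || {
        echo "epoch_ms: cannot parse '$1'" >&2
        return 1
    }
    echo "${secs}000"
}

# Relative time context: a whole number of days expressed in minutes.
relative_attrs() {
    case "$1" in
        ''|0*|*[!0-9]*)
            echo "relative_attrs: days must be a positive integer without leading zeros" >&2
            return 1 ;;
    esac
    echo "relativeMinutes=$(( $1 * 24 * 60 ))"
}

# Absolute time context: start and end as epoch milliseconds.
absolute_attrs() {
    start=$(epoch_ms "$1") || return 1
    end=$(epoch_ms "$2") || return 1
    # A reversed or empty range is rejected before it reaches the command line.
    if [ "$end" -le "$start" ]; then
        echo "absolute_attrs: end time must be after start time" >&2
        return 1
    fi
    echo "startTime=${start},endTime=${end},absoluteTime=true"
}

# The two time contexts from the examples above (inputs constructed from the page).
relative_attrs 7
absolute_attrs "2013-08-16 17:30 +0530" "2013-08-23 20:00 +0530"
```

The printed fragments can be appended to the comma-separated attribute list that follows -a.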

 
