Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.splunk
Class SavedSearch

java.lang.Object
  extended by com.splunk.Resource
      extended by com.splunk.Entity
          extended by com.splunk.SavedSearch
All Implemented Interfaces:
java.util.Map<java.lang.String,java.lang.Object>
public class SavedSearch
extends Entity

The SavedSearch class represents a saved search.

Nested Class Summary
 
Nested classes/interfaces inherited from interface java.util.Map
java.util.Map.Entry<K,V>
 
Field Summary
 
Fields inherited from class com.splunk.Resource
actions, path, service, title
 
Method Summary
 void acknowledge()
          Acknowledges the suppression of alerts from this saved search and resumes alerting.
protected  java.lang.String actionPath(java.lang.String action)
          Returns the path that corresponds to the requested action.
 Job dispatch()
          Runs the saved search.
 Job dispatch(java.util.Map args)
          Runs the saved search using dispatch arguments.
 java.lang.String getActionEmailSendResults()
          Indicates whether search results are attached to an email.
 java.lang.String getActionEmailTo()
          Returns a list of email recipients.
 java.lang.String getAlertComparator()
          Returns the alert comparator.
 java.lang.String getAlertCondition()
          Returns a conditional search that is evaluated against the results of the saved search.
 java.lang.String getAlertExpires()
          Returns the amount of time to show the alert in the dashboard.
 int getAlertSeverity()
          Returns the alert severity level.
 java.lang.String getAlertSuppress()
          Indicates whether alert suppression is enabled for this search.
 java.lang.String getAlertSuppressPeriod()
          Returns the alert suppression period, which is only valid if AlertSuppress is enabled.
 java.lang.String getAlertThreshold()
          Returns the value to compare to before triggering the alert action.
 java.lang.String getAlertTrack()
          Returns a value that indicates how to track the actions triggered by this saved search.
 java.lang.String getAlertType()
          Returns a value that indicates what to base the alert on.
 java.lang.String getCronSchedule()
          Returns the cron schedule for running this saved search.
 java.lang.String getDescription()
          Returns a human-readable description of this saved search.
 int getDispatchBuckets()
          Returns the maximum number of timeline buckets.
 java.lang.String getDispatchEarliestTime()
          Returns the earliest time for this search.
 java.lang.String getDispatchLatestTime()
          Returns the latest time for this search.
 boolean getDispatchLookups()
          Indicates whether look-ups are enabled for this search.
 int getDispatchMaxCount()
          Returns the maximum number of results before finalizing the search.
 java.lang.String getDispatchMaxTime()
          Returns the maximum amount of time before finalizing the search.
 int getDispatchReduceFreq()
          Returns how frequently Splunk should run the MapReduce reduce phase on accumulated map values.
 boolean getDispatchSpawnProcess()
          Indicates whether Splunk spawns a new search process when this saved search is executed.
 java.lang.String getDispatchTimeFormat()
          Returns the time format used to specify the earliest and latest times for this search.
 java.lang.String getDispatchTtl()
          Returns the time to live for artifacts of the scheduled search (the time before the search job expires and artifacts are still available), if no alerts are triggered.
 java.lang.String getDisplayView()
          Returns the default UI view in which to load results.
 int getMaxConcurrent()
          Returns the maximum number of concurrent instances of this search the scheduler is allowed to run.
 boolean getRealtimeSchedule()
          Indicates whether the scheduler computes the next run time of a scheduled search based on the current time or on the last search run time (for continuous scheduling).
 java.lang.String getRequestUiDispatchApp()
          Returns the app this search should be dispatched in.
 java.lang.String getRequestUiDispatchView()
          Returns the view this search should be displayed in.
 boolean getRestartOnSearchPeerAdd()
          Indicates whether a real-time search managed by the scheduler is restarted when a search peer becomes available for this saved search.
 boolean getRunOnStartup()
          Indicates whether this search is run when Splunk starts.
 java.lang.String getSearch()
          Returns the search expression for this saved search.
 java.lang.String getVsid()
          Returns the view state ID that is associated with the view specified in the DisplayView property.
 Job[] history()
          Returns an array of search jobs created from this saved search.
 boolean isActioncScript()
          Indicates whether the script action is enabled.
 boolean isActionEmail()
          Indicates whether the email action is enabled.
 boolean isActionPopulateLookup()
          Indicates whether the populate-lookup action is enabled.
 boolean isActionRss()
          Indicates whether the RSS action is enabled.
 boolean isActionSummaryIndex()
          Indicates whether the summary-index action is enabled.
 boolean isDigestMode()
          Indicates whether Splunk applies the alert actions to the entire result set (digest) or to each individual search result (per result).
 boolean isScheduled()
          Indicates whether this search is run on a schedule.
 boolean isVisible()
          Indicates whether the search should be visible in the saved search list.
 void update(java.util.Map<java.lang.String,java.lang.Object> args)
          Updates the entity with the specified arguments.
 
Methods inherited from class com.splunk.Entity
clear, containsKey, containsValue, disable, enable, entrySet, get, getMetadata, isDisabled, isEmpty, keySet, put, putAll, refresh, reload, remove, remove, size, validate, values
 
Methods inherited from class com.splunk.Resource
getActions, getName, getPath, getService, getTitle, invalidate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface java.util.Map
equals, hashCode
 

Method Detail

acknowledge

public void acknowledge()
Acknowledges the suppression of alerts from this saved search and resumes alerting.

actionPath

protected java.lang.String actionPath(java.lang.String action)
Returns the path that corresponds to the requested action.

Overrides:
actionPath in class Entity
Parameters:
action - The requested action.
Returns:
The return path.

dispatch

public Job dispatch()
Runs the saved search.

Returns:
The search job.

dispatch

public Job dispatch(java.util.Map args)
Runs the saved search using dispatch arguments.

Parameters:
args - Dispatch arguments.
Returns:
The search job.

history

public Job[] history()
Returns an array of search jobs created from this saved search.

Returns:
An array of search jobs.

getActionEmailSendResults

public java.lang.String getActionEmailSendResults()
Indicates whether search results are attached to an email.

Returns:
true if search results are attached to an email, false if not.

getActionEmailTo

public java.lang.String getActionEmailTo()
Returns a list of email recipients.

Returns:
A semicolon-delimited list of email recipients.

getAlertExpires

public java.lang.String getAlertExpires()
Returns the amount of time to show the alert in the dashboard.

Returns:
The amount of time, in [number][time-unit] format. For example, "24h".

getAlertSeverity

public int getAlertSeverity()
Returns the alert severity level. The severity levels are: 1 (debug), 2 (info), 3 (warn), 4 (error), 5 (severe), and 6 (fatal).

Returns:
The alert severity level as a value from 1-6.

getAlertSuppress

public java.lang.String getAlertSuppress()
Indicates whether alert suppression is enabled for this search.

Returns:
true if alert suppression is enabled for this search, false if not.

getAlertSuppressPeriod

public java.lang.String getAlertSuppressPeriod()
Returns the alert suppression period, which is only valid if AlertSuppress is enabled.

Returns:
The alert suppression period, in [number][time-unit] format. For example, "24h".
See Also:
getAlertSuppress()

getAlertTrack

public java.lang.String getAlertTrack()
Returns a value that indicates how to track the actions triggered by this saved search. Valid values are: true (force tracking), false (disable tracking), and auto (tracking is based on the setting of each action).

Returns:
Returns the alert tracking setting.

getAlertComparator

public java.lang.String getAlertComparator()
Returns the alert comparator. Valid values are: greater than, less than, equal to, rises by, drops by, rises by perc, and drops by perc.

Returns:
The alert comparator.

getAlertCondition

public java.lang.String getAlertCondition()
Returns a conditional search that is evaluated against the results of the saved search.

Returns:
A conditional search string.

getAlertThreshold

public java.lang.String getAlertThreshold()
Returns the value to compare to before triggering the alert action. Valid values are: Integer[%]?

Returns:
The alert threshold value.

getAlertType

public java.lang.String getAlertType()
Returns a value that indicates what to base the alert on. Valid values are: always, custom, number of events, number of hosts, and number of sources. This value is overridden by AlertCondition if specified.

Returns:
The alert type.
See Also:
getAlertCondition()

getCronSchedule

public java.lang.String getCronSchedule()
Returns the cron schedule for running this saved search.

Returns:
The cron string.

getDescription

public java.lang.String getDescription()
Returns a human-readable description of this saved search.

Returns:
A description of the saved search.

getDispatchBuckets

public int getDispatchBuckets()
Returns the maximum number of timeline buckets.

Returns:
The maximum number of timeline buckets.

getDispatchEarliestTime

public java.lang.String getDispatchEarliestTime()
Returns the earliest time for this search. This value can be a relative or absolute time (as formatted by DispatchTimeFormat).

Returns:
The earliest time for this search.
See Also:
getDispatchTimeFormat()

getDispatchLatestTime

public java.lang.String getDispatchLatestTime()
Returns the latest time for this search. This value can be a relative or absolute time (as formatted by DispatchTimeFormat).

Returns:
The latest time for this search.
See Also:
getDispatchTimeFormat()

getDispatchLookups

public boolean getDispatchLookups()
Indicates whether look-ups are enabled for this search.

Returns:
true if look-ups are enabled, false if not.

getDispatchMaxCount

public int getDispatchMaxCount()
Returns the maximum number of results before finalizing the search.

Returns:
The maximum number of results.

getDispatchMaxTime

public java.lang.String getDispatchMaxTime()
Returns the maximum amount of time before finalizing the search.

Returns:
The maximum amount of time, in seconds.

getDispatchReduceFreq

public int getDispatchReduceFreq()
Returns how frequently Splunk should run the MapReduce reduce phase on accumulated map values.

Returns:
The reduce frequency.

getDispatchSpawnProcess

public boolean getDispatchSpawnProcess()
Indicates whether Splunk spawns a new search process when this saved search is executed.

Returns:
true if Splunk spawns a new process when this saved search is executed, false if not.

getDispatchTimeFormat

public java.lang.String getDispatchTimeFormat()
Returns the time format used to specify the earliest and latest times for this search.

Returns:
The time format.

getDispatchTtl

public java.lang.String getDispatchTtl()
Returns the time to live for artifacts of the scheduled search (the time before the search job expires and artifacts are still available), if no alerts are triggered. If the integer is followed by the letter 'p', Splunk interprets the time to live as a multiple of the scheduled search period.

Returns:
The time to live, in seconds or as a multiple of the scheduled search period.

getDisplayView

public java.lang.String getDisplayView()
Returns the default UI view in which to load results.

Returns:
The view name.

getMaxConcurrent

public int getMaxConcurrent()
Returns the maximum number of concurrent instances of this search the scheduler is allowed to run.

Returns:
The maximum number of concurrent instances that are allowed.

getRealtimeSchedule

public boolean getRealtimeSchedule()
Indicates whether the scheduler computes the next run time of a scheduled search based on the current time or on the last search run time (for continuous scheduling).

Returns:
true if the run time is based on current time, false if based on the previous search time.

getRequestUiDispatchApp

public java.lang.String getRequestUiDispatchApp()
Returns the app this search should be dispatched in.

Returns:
The app name.

getRequestUiDispatchView

public java.lang.String getRequestUiDispatchView()
Returns the view this search should be displayed in.

Returns:
The view name.

getRestartOnSearchPeerAdd

public boolean getRestartOnSearchPeerAdd()
Indicates whether a real-time search managed by the scheduler is restarted when a search peer becomes available for this saved search.

Returns:
true if a real-time search is restarted, false if not.

getRunOnStartup

public boolean getRunOnStartup()
Indicates whether this search is run when Splunk starts. If the search is not run on startup, it runs at the next scheduled time.

Returns:
true if this search is run when Splunk starts, false if not.

getSearch

public java.lang.String getSearch()
Returns the search expression for this saved search.

Returns:
The search expression.

getVsid

public java.lang.String getVsid()
Returns the view state ID that is associated with the view specified in the DisplayView property. This ID corresponds to a stanza in the viewstates.conf configuration file.

Returns:
The view state ID.
See Also:
getDisplayView()

isActionEmail

public boolean isActionEmail()
Indicates whether the email action is enabled.

Returns:
true if the email action is enabled, false if not.

isActionPopulateLookup

public boolean isActionPopulateLookup()
Indicates whether the populate-lookup action is enabled.

Returns:
true if the populate-lookup action is enabled, false if not.

isActionRss

public boolean isActionRss()
Indicates whether the RSS action is enabled.

Returns:
true if the RSS action is enabled, false if not.

isActioncScript

public boolean isActioncScript()
Indicates whether the script action is enabled.

Returns:
true if the script action is enabled, false if not.

isActionSummaryIndex

public boolean isActionSummaryIndex()
Indicates whether the summary-index action is enabled.

Returns:
true if the summary-index action is enabled, false if not.

isDigestMode

public boolean isDigestMode()
Indicates whether Splunk applies the alert actions to the entire result set (digest) or to each individual search result (per result).

Returns:
true if actions are applied per digest, false if per result.

isScheduled

public boolean isScheduled()
Indicates whether this search is run on a schedule.

Returns:
true if this search is run on a schedule, false if not.

isVisible

public boolean isVisible()
Indicates whether the search should be visible in the saved search list.

Returns:
true if the search should be listed, false if not.

update

public void update(java.util.Map<java.lang.String,java.lang.Object> args)
Updates the entity with the specified arguments.

Overrides:
update in class Entity
Parameters:
args - The arguments to update.
Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD