com.splunk
Class SavedSearch

java.lang.Object
  extended by com.splunk.Resource
      extended by com.splunk.Entity
          extended by com.splunk.SavedSearch
All Implemented Interfaces:
java.util.Map<java.lang.String,java.lang.Object>

public class SavedSearch
extends Entity

The SavedSearch class represents a saved search.


Nested Class Summary
 
Nested classes/interfaces inherited from interface java.util.Map
java.util.Map.Entry<K,V>
 
Method Summary
 void acknowledge()
          Acknowledges the suppression of alerts from this saved search and resumes alerting.
 Job dispatch()
          Runs the saved search.
 Job dispatch(java.util.Map args)
          Runs the saved search using dispatch arguments.
 Job dispatch(SavedSearchDispatchArgs args)
          Runs the saved search using dispatch arguments.
 java.lang.String getActionEmailAuthPassword()
          Returns the email password.
 java.lang.String getActionEmailAuthUsername()
          Returns the email username.
 java.lang.String getActionEmailBcc()
          Returns the blind carbon copy (BCC) email address.
 java.lang.String getActionEmailCc()
          Returns the carbon copy (CC) email address.
 java.lang.String getActionEmailCommand()
          Returns the search command (or pipeline) that runs the action.
 java.lang.String getActionEmailFormat()
          Returns the format of text in the email.
 java.lang.String getActionEmailFrom()
          Returns the email sender's name.
 java.lang.String getActionEmailHostname()
          Returns the host name used in the web link (URL) that is sent in email alerts.
 boolean getActionEmailInline()
          Indicates whether the search results are contained in the body of the email.
 java.lang.String getActionEmailMailServer()
          Returns the address of the MTA server that is used to send the emails.
 int getActionEmailMaxResults()
          Returns the maximum number of search results to send in email alerts.
 java.lang.String getActionEmailMaxTime()
          Returns the maximum amount of time an email action takes before the action is canceled.
 java.lang.String getActionEmailPdfView()
          Returns the name of the view to deliver if ActionEmailSendPdf is enabled.
 java.lang.String getActionEmailPreProcessResults()
          Returns the search string for pre-processing results before emailing them.
 java.lang.String getActionEmailReportPaperOrientation()
          Returns the paper orientation.
 java.lang.String getActionEmailReportPaperSize()
          Returns the paper size for PDFs.
 boolean getActionEmailReportServerEnabled()
          Indicates whether the PDF server is enabled.
 java.lang.String getActionEmailReportServerUrl()
          Returns the URL of the PDF report server, if one is set up and available on the network.
 boolean getActionEmailSendPdf()
          Indicates whether to create and send the results in PDF format.
 boolean getActionEmailSendResults()
          Indicates whether search results are attached to an email.
 java.lang.String getActionEmailSubject()
          Returns the subject line of the email.
 java.lang.String getActionEmailTo()
          Returns a list of email recipients.
 boolean getActionEmailTrackAlert()
          Indicates whether running this email action results in a trackable alert.
 java.lang.String getActionEmailTtl()
          Returns the minimum time-to-live (ttl) of search artifacts if this email action is triggered.
 boolean getActionEmailUseSsl()
          Indicates whether to use secure socket layer (SSL) when communicating with the SMTP server.
 boolean getActionEmailUseTls()
          Indicates whether to use transport layer security (TLS) when communicating with the SMTP server.
 boolean getActionEmailWidthSortColumns()
          Indicates whether columns should be sorted from least wide to most wide, left to right.
 java.lang.String getActionPopulateLookupCommand()
          Returns the search command (or pipeline) that runs the action.
 java.lang.String getActionPopulateLookupDest()
          Returns the name of the lookup table or lookup path to populate.
 java.lang.String getActionPopulateLookupHostname()
          Returns the host name used in the web link (URL) that is sent in populate-lookup alerts.
 int getActionPopulateLookupMaxResults()
          Returns the maximum number of search results to send in populate-lookup alerts.
 java.lang.String getActionPopulateLookupMaxTime()
          Returns the maximum amount of time an alert action takes before the action is canceled.
 boolean getActionPopulateLookupTrackAlert()
          Indicates whether running this populate-lookup action results in a trackable alert.
 java.lang.String getActionPopulateLookupTtl()
          Returns the minimum time-to-live (ttl) of search artifacts if this populate-lookup action is triggered.
 java.lang.String getActionRssCommand()
          Returns the search command (or pipeline) that runs the action.
 java.lang.String getActionRssHostname()
          Returns the host name used in the web link (URL) that is sent in RSS alerts.
 int getActionRssMaxResults()
          Returns the maximum number of search results to send in RSS alerts.
 java.lang.String getActionRssMaxTime()
          Returns the maximum amount of time an RSS alert action takes before the action is canceled.
 boolean getActionRssTrackAlert()
          Indicates whether running this RSS action results in a trackable alert.
 java.lang.String getActionRssTtl()
          Returns the minimum time-to-live (ttl) of search artifacts if this RSS action is triggered.
 java.lang.String getActionScriptCommand()
          Returns the search command (or pipeline) that runs the action.
 java.lang.String getActionScriptFilename()
          Returns the filename of the script to call.
 java.lang.String getActionScriptHostname()
          Returns the host name used in the web link (URL) that is sent in script alerts.
 int getActionScriptMaxResults()
          Returns the maximum number of search results to send in script alerts.
 java.lang.String getActionScriptMaxTime()
          Returns the maximum amount of time a script action takes before the action is canceled.
 boolean getActionScriptTrackAlert()
          Indicates whether running this script action results in a trackable alert.
 java.lang.String getActionScriptTtl()
          Returns the minimum time-to-live (ttl) of search artifacts if this script action is triggered.
 java.lang.String getActionSummaryIndexCommand()
          Returns the search command (or pipeline) that runs the action.
 java.lang.String getActionSummaryIndexHostname()
          Returns the host name used in the web link (URL) that is sent in summary-index alerts.
 boolean getActionSummaryIndexInline()
          Indicates whether to run the summary indexing action as part of the scheduled search.
 int getActionSummaryIndexMaxResults()
          Returns the maximum number of search results to send in summary-index alerts.
 java.lang.String getActionSummaryIndexMaxTime()
          Returns the maximum amount of time a summary action takes before the action is canceled.
 java.lang.String getActionSummaryIndexName()
          Returns the name of the summary index where the results of the scheduled search are saved.
 boolean getActionSummaryIndexTrackAlert()
          Indicates whether running this summary-index action results in a trackable alert.
 java.lang.String getActionSummaryIndexTtl()
          Returns the minimum time-to-live (ttl) of search artifacts if a summary-index action is triggered.
 java.lang.String getAlertComparator()
          Returns the alert comparator.
 java.lang.String getAlertCondition()
          Returns a conditional search that is evaluated against the results of the saved search.
 boolean getAlertDigestMode()
          Indicates whether Splunk applies the alert actions to the entire result set (digest) or to each individual search result (per result).
 java.lang.String getAlertExpires()
          Returns the amount of time to show the alert in the dashboard.
 int getAlertSeverity()
          Returns the alert severity level.
 boolean getAlertSuppress()
          Indicates whether alert suppression is enabled for this search.
 java.lang.String getAlertSuppressFields()
          Returns a list of fields to use for alert suppression.
 java.lang.String getAlertSuppressPeriod()
          Returns the alert suppression period, which is only valid if AlertSuppress is enabled.
 java.lang.String getAlertThreshold()
          Returns the value to compare to before triggering the alert action.
 java.lang.String getAlertTrack()
          Returns a value that indicates how to track the actions triggered by this saved search.
 java.lang.String getAlertType()
          Returns a value that indicates what to base the alert on.
 java.lang.String getCronSchedule()
          Returns the cron-style schedule for running this saved search.
 java.lang.String getDescription()
          Returns a description of this saved search.
 int getDispatchBuckets()
          Returns the maximum number of timeline buckets.
 java.lang.String getDispatchEarliestTime()
          Returns the earliest time for this search.
 java.lang.String getDispatchLatestTime()
          Returns the latest time for this search.
 boolean getDispatchLookups()
          Indicates whether lookups are enabled for this search.
 int getDispatchMaxCount()
          Returns the maximum number of results before finalizing the search.
 int getDispatchMaxTime()
          Returns the maximum amount of time before finalizing the search.
 boolean getDispatchRealTimeBackfill()
          Indicates whether to back fill the real-time window for this search.
 int getDispatchReduceFrequency()
          Returns how frequently Splunk runs the MapReduce reduce phase on accumulated map values.
 boolean getDispatchRtBackfill()
          Deprecated. Use getDispatchRealTimeBackfill() instead.
 boolean getDispatchSpawnProcess()
          Indicates whether Splunk spawns a new search process when running this saved search.
 java.lang.String getDispatchTimeFormat()
          Returns the time format used to specify the earliest and latest times for this search.
 java.lang.String getDispatchTtl()
          Returns the time to live (ttl) for artifacts of the scheduled search (the time before the search job expires and artifacts are still available), if no alerts are triggered.
 java.lang.String getDisplayView()
          Returns the default view in which to load results.
 int getMaxConcurrent()
          Returns the maximum number of concurrent instances of this search the scheduler is allowed to run.
 java.util.Date getNextScheduledTime()
          Returns the next scheduled time.
 java.lang.String getQualifiedSearch()
          Returns the qualified search.
 boolean getRealtimeSchedule()
          Indicates whether the scheduler computes the next run time of a scheduled search based on the current time or on the last search run time (for continuous scheduling).
 java.lang.String getRequestUiDispatchApp()
          Returns the app in which Splunk Web dispatches this search.
 java.lang.String getRequestUiDispatchView()
          Returns the view in which Splunk Web displays this search.
 boolean getRestartOnSearchPeerAdd()
          Indicates whether a real-time search managed by the scheduler is restarted when a search peer becomes available for this saved search.
 boolean getRunOnStartup()
          Indicates whether this search is run when Splunk starts.
 java.lang.String getSearch()
          Returns the search query for this saved search.
 java.lang.String getVsid()
          Returns the view state ID that is associated with the view specified in the DisplayView attribute.
 Job[] history()
          Returns an array of search jobs created from this saved search.
 boolean isActionEmail()
          Indicates whether the email action is enabled.
 boolean isActionPopulateLookup()
          Indicates whether the populate-lookup action is enabled.
 boolean isActionRss()
          Indicates whether the RSS action is enabled.
 boolean isActionScript()
          Indicates whether the script action is enabled.
 boolean isActionSummaryIndex()
          Indicates whether the summary-index action is enabled.
 boolean isDigestMode()
          Indicates whether Splunk applies the alert actions to the entire result set (digest) or to each individual search result (per result).
 boolean isScheduled()
          Indicates whether this search is run on a schedule.
 boolean isVisible()
          Indicates whether the search should be visible in the saved search list.
 void setActionEmailAuthPassword(java.lang.String password)
          Sets the password to use when authenticating with the SMTP server.
 void setActionEmailAuthUsername(java.lang.String username)
          Sets the username to use when authenticating the SMTP server.
 void setActionEmailBcc(java.lang.String bcc)
          Sets the blind carbon copy (BCC) email address to use for email alerts.
 void setActionEmailCc(java.lang.String cc)
          Sets the carbon copy (CC) email address to use for email alerts.
 void setActionEmailCommand(java.lang.String command)
          Returns the search command (or pipeline) that runs the action.
 void setActionEmailFormat(java.lang.String format)
          Sets the format of text in the email.
 void setActionEmailFrom(java.lang.String from)
          Sets the email sender's name.
 void setActionEmailHostname(java.lang.String hostname)
          Sets the host name used in the web link (URL) to send in email alerts.
 void setActionEmailInline(boolean inline)
          Sets whether the search results are contained in the body of the email.
 void setActionEmailMailServer(java.lang.String mailServer)
          Sets the address of the MTA server that is used to send the emails.
 void setActionEmailMaxResults(int maxResults)
          Sets the maximum number of search results to send in email alerts.
 void setActionEmailMaxTime(java.lang.String maxTime)
          Sets the maximum amount of time an email action takes before the action is canceled.
 void setActionEmailPdfView(java.lang.String name)
          Sets the name of the view to deliver if ActionEmailSendPdf is enabled.
 void setActionEmailPreProcessResults(java.lang.String preprocess)
          Sets the search string for pre-processing results before emailing them.
 void setActionEmailReportPaperOrientation(java.lang.String orientation)
          Sets the paper orientation.
 void setActionEmailReportPaperSize(java.lang.String size)
          Sets the paper size for PDFs.
 void setActionEmailReportServerEnabled(boolean pdfServerEnabled)
          Sets whether the PDF server is enabled.
 void setActionEmailReportServerUrl(java.lang.String pdfServerUrl)
          Sets the URL of the PDF report server.
 void setActionEmailSendPdf(boolean sendPdf)
          Sets whether to create and send the results in PDF format.
 void setActionEmailSendResults(boolean sendResults)
          Sets whether to attach the search results to an email.
 void setActionEmailSubject(java.lang.String subject)
          Sets the subject line of the email.
 void setActionEmailTo(java.lang.String to)
          Sets a list of email recipients.
 void setActionEmailTrackAlert(boolean trackAlert)
          Sets whether running this email action results in a trackable alert.
 void setActionEmailTtl(java.lang.String ttl)
          Sets the minimum time-to-live in seconds of the search artifacts if an email action is triggered.
 void setActionEmailUseSsl(boolean useSsl)
          Sets whether to use secure socket layer (SSL) when communicating with the SMTP server.
 void setActionEmailUseTls(boolean useTls)
          Sets whether to use transport layer security (TLS) when communicating with the SMTP server.
 void setActionEmailWidthSortColumns(boolean widthSortColumns)
          Sets whether columns should be sorted from least wide to most wide, left to right.
 void setActionPopulateLookupCommand(java.lang.String command)
          Sets the search command (or pipeline) that runs the action.
 void setActionPopulateLookupDest(java.lang.String dest)
          Sets the name of the lookup table or lookup path to populate.
 void setActionPopulateLookupHostname(java.lang.String hostname)
          Sets the host name used in the web link (URL) to send in populate-lookup alerts.
 void setActionPopulateLookupMaxResults(int maxResults)
          Sets the maximum number of search results to send in populate-lookup alerts.
 void setActionPopulateLookupMaxTime(java.lang.String maxTime)
          Sets the maximum amount of time an alert action takes before the action is canceled.
 void setActionPopulateLookupTrackAlert(boolean trackAlert)
          Sets whether running this populate-lookup action results in a trackable alert.
 void setActionPopulateLookupTtl(java.lang.String ttl)
          Sets the minimum time-to-live (ttl) of the search artifacts if this populate-lookup action is triggered.
 void setActionRssCommand(java.lang.String command)
          Sets the search command (or pipeline) that runs the action.
 void setActionRssHostname(java.lang.String hostname)
          Sets the host name to use in the web link (URL) to send in RSS alerts.
 void setActionRssMaxResults(int maxResults)
          Sets the maximum number of search results to send in RSS alerts.
 void setActionRssMaxTime(java.lang.String maxTime)
          Sets the maximum amount of time an RSS action takes before the action is canceled.
 void setActionRssTrackAlert(boolean trackAlert)
          Sets whether running this RSS action results in a trackable alert.
 void setActionRssTtl(java.lang.String ttl)
          Sets the minimum time-to-live in seconds of the search artifacts if an RSS action is triggered.
 void setActions(java.lang.String actions)
          Sets whichs actions to enable.
 void setActionScriptCommand(java.lang.String command)
          Sets the search command (or pipeline) that runs the action.
 void setActionScriptFilename(java.lang.String filename)
          Sets the file name of the script to call.
 void setActionScriptHostname(java.lang.String hostname)
          Sets the host name used in the web link (URL) to send in script alerts.
 void setActionScriptMaxResults(int maxResults)
          Sets the maximum number of search results to send in script alerts.
 void setActionScriptMaxTime(java.lang.String maxTime)
          Sets the maximum amount of time a script action takes before the action is canceled.
 void setActionScriptTrackAlert(boolean trackAlert)
          Sets whether running this script action results in a trackable alert.
 void setActionScriptTtl(java.lang.String ttl)
          Sets the minimum time-to-live in seconds of the search artifacts if a script action is triggered.
 void setActionSummaryIndexCommand(java.lang.String command)
          Sets the search command (or pipeline) that runs the action.
 void setActionSummaryIndexHostname(java.lang.String hostname)
          Sets the host name used in the web link (URL) to send in summary-index alerts.
 void setActionSummaryIndexInline(boolean inline)
          Sets whether to run the summary indexing action as part of the scheduled search.
 void setActionSummaryIndexMaxResults(int maxResults)
          Sets the maximum number of search results to send in summary-index alerts.
 void setActionSummaryIndexMaxTime(java.lang.String maxTime)
          Sets the maximum amount of time a summary-index action takes before the action is canceled.
 void setActionSummaryIndexName(java.lang.String name)
          Sets the name of the summary index where the results of the scheduled search are saved.
 void setActionSummaryIndexTrackAlert(boolean trackAlert)
          Sets whether running summary-index action results in a trackable alert.
 void setActionSummaryIndexTtl(java.lang.String ttl)
          Sets the minimum time-to-live in seconds of the search artifacts if a summary-index action is triggered.
 void setAlertComparator(java.lang.String comparator)
          Sets the alert comparator.
 void setAlertCondition(java.lang.String conditional)
          Sets a conditional search that is evaluated against the results of the saved search.
 void setAlertDigestMode(boolean digest)
          Sets whether Splunk applies the alert actions to the entire result set or on each individual result.
 void setAlertExpires(java.lang.String period)
          Sets the period of time to show the alert in the dashboard.
 void setAlertSeverity(int severity)
          Sets the alert severity level, which is an integer from 1-6 (1=DEBUG, 2=INFO, 3=WARN, 4=ERROR, 5=SEVERE, 6=FATAL).
 void setAlertSuppress(boolean suppress)
          Sets whether to enable alert suppression for this scheduled search.
 void setAlertSuppressFields(java.lang.String fields)
          Specifies a list of fields to use for alert suppression.
 void setAlertSuppressPeriod(java.lang.String period)
          Sets the period for alert suppression.
 void setAlertThreshold(java.lang.String threshold)
          Sets the value to compare to before triggering the alert action.
 void setAlertTrack(java.lang.String track)
          Sets how to track the actions triggered by this saved search.
 void setAlertType(java.lang.String type)
          Sets a value that indicates what to base the alert on.
 void setCronSchedule(java.lang.String cronSchedule)
          Sets the cron schedule for running this saved search.
 void setDescription(java.lang.String description)
          Sets the description of this saved search.
 void setDisabled(boolean disabled)
          Sets whether the saved search is disabled.
 void setDispatchBuckets(int buckets)
          Sets the maximum number of timeline buckets.
 void setDispatchBuckets(java.lang.String buckets)
          Deprecated. Use setDispatchBuckets(int) instead.
 void setDispatchEarliestTime(java.lang.String earliestTime)
          Sets the earliest time for this search.
 void setDispatchLatestTime(java.lang.String latestTime)
          Sets the latest time for this search.
 void setDispatchLookups(boolean lookups)
          Sets whether to enable lookups for this search.
 void setDispatchMaxCount(int max)
          Sets the maximum number of results before finalizing the search.
 void setDispatchMaxTime(int max)
          Sets the maximum time before finalizing the search.
 void setDispatchRealTimeBackfill(boolean backfill)
          Sets whether to back fill the real-time window for this search.
 void setDispatchReduceFrequency(int seconds)
          Sets how frequently Splunk should run the MapReduce reduce phase on accumulated map values.
 void setDispatchSpawnProcess(boolean spawn)
          Sets whether Splunk spawns a new search process when running this saved search.
 void setDispatchTimeFormat(java.lang.String format)
          Sets the time format used to specify the earliest and latest times for this search.
 void setDispatchTtl(java.lang.String format)
          Sets the minimum time-to-live in seconds of the search artifacts if no actions are triggered.
 void setDisplayView(java.lang.String view)
          Sets the default view in which to load the results.
 void setIsScheduled(boolean value)
          Sets whether this search runs on a schedule.
 void setIsVisible(boolean value)
          Sets whether this search appears in the visible list of saved searches.
 void setMaxConcurrent(int max)
          Sets the maximum number of concurrent instances of this search the scheduler is allowed to run.
 void setRealtimeSchedule(boolean value)
          Sets how the scheduler computes the next time a scheduled search is run.
 void setRequestUiDispatchApp(java.lang.String app)
          Sets the app in which Splunk Web dispatches this search.
 void setRequestUiDispatchView(java.lang.String view)
          Sets the view in which Splunk Web displays this search.
 void setRestartOnSearchpeerAdd(boolean restart)
          Deprecated. Use setRestartOnSearchPeerAdd(boolean) instead.
 void setRestartOnSearchPeerAdd(boolean restart)
          Sets whether a real-time search managed by the scheduler is restarted when a search peer becomes available for this saved search.
 void setRunOnStartup(boolean startup)
          Sets whether this search is run when Splunk starts.
 void setSearch(java.lang.String search)
          Sets the search query for this saved search.
 void setVsid(java.lang.String vsid)
          Sets the view state ID that is associated with the view specified in the DisplayView attribute.
 void update()
          Updates the entity with the accumulated arguments, established by the individual setter methods for each specific entity class.
 void update(java.util.Map<java.lang.String,java.lang.Object> args)
          Updates the entity with the values you previously set using the setter methods, and any additional specified arguments.
 
Methods inherited from class com.splunk.Entity
clear, containsKey, containsValue, disable, enable, entrySet, get, getMetadata, isDisabled, isEmpty, keySet, put, putAll, refresh, remove, remove, size, validate, values
 
Methods inherited from class com.splunk.Resource
getName, getPath, getService, getTitle, invalidate
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface java.util.Map
equals, hashCode
 

Method Detail

acknowledge

public void acknowledge()
Acknowledges the suppression of alerts from this saved search and resumes alerting.


dispatch

public Job dispatch()
             throws java.lang.InterruptedException
Runs the saved search.

Returns:
The search job.
Throws:
java.lang.InterruptedException

dispatch

public Job dispatch(java.util.Map args)
             throws java.lang.InterruptedException
Runs the saved search using dispatch arguments.

Parameters:
args - Dispatch arguments:
  • "dispatch.now": A time string that is used to dispatch the search as though the specified time were the current time.
  • "dispatch.*": Overwrites the value of the search field specified in "*".
  • "trigger_actions": A Boolean that indicates whether to trigger alert actions.
  • "force_dispatch": A Boolean that indicates whether to start a new search if another instance of this search is already running.
Returns:
The search job.
Throws:
java.lang.InterruptedException

dispatch

public Job dispatch(SavedSearchDispatchArgs args)
             throws java.lang.InterruptedException
Runs the saved search using dispatch arguments.

Parameters:
args - Dispatch arguments (see SavedSearchDispatchArgs).
Returns:
The search job.
Throws:
java.lang.InterruptedException

history

public Job[] history()
Returns an array of search jobs created from this saved search.

Returns:
An array of search jobs.

getActionEmailAuthPassword

public java.lang.String getActionEmailAuthPassword()
Returns the email password.

Returns:
The email password.

getActionEmailAuthUsername

public java.lang.String getActionEmailAuthUsername()
Returns the email username.

Returns:
The email username.

getActionEmailBcc

public java.lang.String getActionEmailBcc()
Returns the blind carbon copy (BCC) email address.

Returns:
The BCC address.

getActionEmailCc

public java.lang.String getActionEmailCc()
Returns the carbon copy (CC) email address.

Returns:
The CC address.

getActionEmailCommand

public java.lang.String getActionEmailCommand()
Returns the search command (or pipeline) that runs the action.

Generally, this command is a template search pipeline that is realized with values from the saved search. To reference saved search field values, wrap them in "$". For example, use "$name$" to reference the saved search name, or use "$search$" to reference the search query.

Returns:
The search command (or pipeline).

getActionEmailFormat

public java.lang.String getActionEmailFormat()
Returns the format of text in the email. This value also applies to any attachments formats. Valid values are: "plain", "html", "raw", and "csv".

Returns:
The email format.

getActionEmailFrom

public java.lang.String getActionEmailFrom()
Returns the email sender's name.

Returns:
The sender's name.

getActionEmailHostname

public java.lang.String getActionEmailHostname()
Returns the host name used in the web link (URL) that is sent in email alerts. Valid forms are "hostname" and "protocol://hostname:port".

Returns:
The host name used in the URL.

getActionEmailInline

public boolean getActionEmailInline()
Indicates whether the search results are contained in the body of the email.

Returns:
true if search results are contained in the body of the email, false if not.

getActionEmailMailServer

public java.lang.String getActionEmailMailServer()
Returns the address of the MTA server that is used to send the emails. If this attribute is not set, this value defaults to the setting in the alert_actions.conf file.

Returns:
The address of the MTA server.

getActionEmailMaxResults

public int getActionEmailMaxResults()
Returns the maximum number of search results to send in email alerts.

Returns:
The maximum number of search results per email.

getActionEmailMaxTime

public java.lang.String getActionEmailMaxTime()
Returns the maximum amount of time an email action takes before the action is canceled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Returns:
The maximum amount of time.

getActionEmailPdfView

public java.lang.String getActionEmailPdfView()
Returns the name of the view to deliver if ActionEmailSendPdf is enabled.

Returns:
The name of the PDF view.
See Also:
getActionEmailSendPdf()

getActionEmailPreProcessResults

public java.lang.String getActionEmailPreProcessResults()
Returns the search string for pre-processing results before emailing them. Usually preprocessing consists of filtering out unwanted internal fields.

Returns:
The search string for pre-processing results.

getActionEmailReportPaperOrientation

public java.lang.String getActionEmailReportPaperOrientation()
Returns the paper orientation. Valid values are "portrait" and "landscape".

Returns:
The paper orientation.

getActionEmailReportPaperSize

public java.lang.String getActionEmailReportPaperSize()
Returns the paper size for PDFs. Valid values are: "letter", "legal", "ledger", "a2", "a3", "a4", and "a5".

Returns:
The paper size.

getActionEmailReportServerEnabled

public boolean getActionEmailReportServerEnabled()
Indicates whether the PDF server is enabled.

Returns:
true if the PDF server is enabled, false if not.

getActionEmailReportServerUrl

public java.lang.String getActionEmailReportServerUrl()
Returns the URL of the PDF report server, if one is set up and available on the network.

Returns:
The URL of the PDF report server.

getActionEmailSendPdf

public boolean getActionEmailSendPdf()
Indicates whether to create and send the results in PDF format.

Returns:
true if results are sent in PDF format, false if not.

getActionEmailSendResults

public boolean getActionEmailSendResults()
Indicates whether search results are attached to an email.

Returns:
true if search results are attached to an email, false if not.

getActionEmailSubject

public java.lang.String getActionEmailSubject()
Returns the subject line of the email.

Returns:
The subject line of the email.

getActionEmailTo

public java.lang.String getActionEmailTo()
Returns a list of email recipients.

Returns:
A comma- or semicolon-delimited list of email recipients.

getActionEmailTrackAlert

public boolean getActionEmailTrackAlert()
Indicates whether running this email action results in a trackable alert.

Returns:
true for a trackable alert, false if not.

getActionEmailTtl

public java.lang.String getActionEmailTtl()
Returns the minimum time-to-live (ttl) of search artifacts if this email action is triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Returns:
The minimum time-to-live in seconds, or the number of scheduled periods.

getActionEmailUseSsl

public boolean getActionEmailUseSsl()
Indicates whether to use secure socket layer (SSL) when communicating with the SMTP server.

Returns:
true if SSL is used, false if not.

getActionEmailUseTls

public boolean getActionEmailUseTls()
Indicates whether to use transport layer security (TLS) when communicating with the SMTP server.

Returns:
true if TLS is used, false if not.

getActionEmailWidthSortColumns

public boolean getActionEmailWidthSortColumns()
Indicates whether columns should be sorted from least wide to most wide, left to right. This value is only used when ActionEmailFormat is "plain".

Returns:
true if columns are sorted from least wide to most wide, false if not.
See Also:
getActionEmailFormat()

getActionPopulateLookupCommand

public java.lang.String getActionPopulateLookupCommand()
Returns the search command (or pipeline) that runs the action.

Returns:
The search command (or pipeline).

getActionPopulateLookupDest

public java.lang.String getActionPopulateLookupDest()
Returns the name of the lookup table or lookup path to populate.

Returns:
The lookup name or path.

getActionPopulateLookupHostname

public java.lang.String getActionPopulateLookupHostname()
Returns the host name used in the web link (URL) that is sent in populate-lookup alerts. Valid forms are "hostname" and "protocol://hostname:port".

Returns:
The hostname used in the URL.

getActionPopulateLookupMaxResults

public int getActionPopulateLookupMaxResults()
Returns the maximum number of search results to send in populate-lookup alerts.

Returns:
The maximum number of search results per alert.

getActionPopulateLookupMaxTime

public java.lang.String getActionPopulateLookupMaxTime()
Returns the maximum amount of time an alert action takes before the action is canceled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Returns:
The maximum amount of time.

getActionPopulateLookupTrackAlert

public boolean getActionPopulateLookupTrackAlert()
Indicates whether running this populate-lookup action results in a trackable alert.

Returns:
true for a trackable alert, false if not.

getActionPopulateLookupTtl

public java.lang.String getActionPopulateLookupTtl()
Returns the minimum time-to-live (ttl) of search artifacts if this populate-lookup action is triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Returns:
The minimum time-to-live in seconds, or the number of scheduled periods.

getActionRssCommand

public java.lang.String getActionRssCommand()
Returns the search command (or pipeline) that runs the action.

Returns:
The search command (or pipeline).

getActionRssHostname

public java.lang.String getActionRssHostname()
Returns the host name used in the web link (URL) that is sent in RSS alerts. Valid forms are "hostname" and "protocol://hostname:port".

Returns:
The host name used in the URL.

getActionRssMaxResults

public int getActionRssMaxResults()
Returns the maximum number of search results to send in RSS alerts.

Returns:
The maximum number of search results per alert.

getActionRssMaxTime

public java.lang.String getActionRssMaxTime()
Returns the maximum amount of time an RSS alert action takes before the action is canceled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Returns:
The maximum amount of time.

getActionRssTrackAlert

public boolean getActionRssTrackAlert()
Indicates whether running this RSS action results in a trackable alert.

Returns:
true for a trackable alert, false if not.

getActionRssTtl

public java.lang.String getActionRssTtl()
Returns the minimum time-to-live (ttl) of search artifacts if this RSS action is triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Returns:
The minimum time-to-live in seconds, or the number of scheduled periods.

getActionScriptCommand

public java.lang.String getActionScriptCommand()
Returns the search command (or pipeline) that runs the action.

Returns:
The search command (or pipeline).

getActionScriptFilename

public java.lang.String getActionScriptFilename()
Returns the filename of the script to call.

Returns:
The filename of the script.

getActionScriptHostname

public java.lang.String getActionScriptHostname()
Returns the host name used in the web link (URL) that is sent in script alerts. Valid forms are "hostname" and "protocol://hostname:port".

Returns:
The host name used in the URL.

getActionScriptMaxResults

public int getActionScriptMaxResults()
Returns the maximum number of search results to send in script alerts.

Returns:
The maximum number of search results per alert.

getActionScriptMaxTime

public java.lang.String getActionScriptMaxTime()
Returns the maximum amount of time a script action takes before the action is canceled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Returns:
The maximum amount of time.

getActionScriptTrackAlert

public boolean getActionScriptTrackAlert()
Indicates whether running this script action results in a trackable alert.

Returns:
true for a trackable alert, false if not.

getActionScriptTtl

public java.lang.String getActionScriptTtl()
Returns the minimum time-to-live (ttl) of search artifacts if this script action is triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Returns:
The minimum time-to-live in seconds, or the number of scheduled periods.

getActionSummaryIndexName

public java.lang.String getActionSummaryIndexName()
Returns the name of the summary index where the results of the scheduled search are saved.

Returns:
The name of the summary index.

getActionSummaryIndexCommand

public java.lang.String getActionSummaryIndexCommand()
Returns the search command (or pipeline) that runs the action.

Generally, this command is a template search pipeline that is realized with values from the saved search. To reference saved search field values, wrap them in "$". For example, use "$name$" to reference the saved search name, or use "$search$" to reference the search query.

Returns:
The search command (or pipeline).

getActionSummaryIndexHostname

public java.lang.String getActionSummaryIndexHostname()
Returns the host name used in the web link (URL) that is sent in summary-index alerts. Valid forms are "hostname" and "protocol://hostname:port".

Returns:
The host name used in the URL.

getActionSummaryIndexInline

public boolean getActionSummaryIndexInline()
Indicates whether to run the summary indexing action as part of the scheduled search.

Returns:
true if the summary indexing action runs with the scheduled search, false if not.

getActionSummaryIndexMaxResults

public int getActionSummaryIndexMaxResults()
Returns the maximum number of search results to send in summary-index alerts.

Returns:
The maximum number of search results per alert.

getActionSummaryIndexMaxTime

public java.lang.String getActionSummaryIndexMaxTime()
Returns the maximum amount of time a summary action takes before the action is canceled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Returns:
The maximum amount of time.

getActionSummaryIndexTrackAlert

public boolean getActionSummaryIndexTrackAlert()
Indicates whether running this summary-index action results in a trackable alert.

Returns:
true for a trackable alert, false if not.

getActionSummaryIndexTtl

public java.lang.String getActionSummaryIndexTtl()
Returns the minimum time-to-live (ttl) of search artifacts if a summary-index action is triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Returns:
The minimum time-to-live in seconds, or the number of scheduled periods.

getAlertDigestMode

public boolean getAlertDigestMode()
Indicates whether Splunk applies the alert actions to the entire result set (digest) or to each individual search result (per result).

Returns:
true if Splunk applies the alert actions to the entire result set (digest), false if actions are applied to individual search results (per result).

getAlertExpires

public java.lang.String getAlertExpires()
Returns the amount of time to show the alert in the dashboard. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Returns:
The amount of time.

getAlertSeverity

public int getAlertSeverity()
Returns the alert severity level. Valid values are: 1=DEBUG, 2=INFO, 3=WARN, 4=ERROR, 5=SEVERE, 6=FATAL.

Returns:
The alert severity level.

getAlertSuppress

public boolean getAlertSuppress()
Indicates whether alert suppression is enabled for this search.

Returns:
true if alert suppression is enabled for this search, false if not.

getAlertSuppressFields

public java.lang.String getAlertSuppressFields()
Returns a list of fields to use for alert suppression.

Returns:
A comma-delimited list of fields.

getAlertSuppressPeriod

public java.lang.String getAlertSuppressPeriod()
Returns the alert suppression period, which is only valid if AlertSuppress is enabled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Returns:
The alert suppression period.
See Also:
getAlertSuppress()

getAlertTrack

public java.lang.String getAlertTrack()
Returns a value that indicates how to track the actions triggered by this saved search. Valid values are: "true" (enabled), "false" (disabled), and "auto" (tracking is based on the setting of each action).

Returns:
The alert tracking setting.

getAlertComparator

public java.lang.String getAlertComparator()
Returns the alert comparator. Valid values are: "greater than", "less than", "equal to", "rises by", "drops by", "rises by perc", and "drops by perc".

Returns:
The alert comparator.

getAlertCondition

public java.lang.String getAlertCondition()
Returns a conditional search that is evaluated against the results of the saved search.

Returns:
A conditional search string.

getAlertThreshold

public java.lang.String getAlertThreshold()
Returns the value to compare to before triggering the alert action. If this value is expressed as a percentage, it indicates the value to use when AlertComparator is set to "rises by perc" or "drops by perc."

Returns:
The alert threshold value.
See Also:
getAlertComparator()

getAlertType

public java.lang.String getAlertType()
Returns a value that indicates what to base the alert on. Valid values are: "always", "custom", "number of events", "number of hosts", and "number of sources". This value is overridden by AlertCondition if specified.

Returns:
The alert trigger type.
See Also:
getAlertCondition()

getCronSchedule

public java.lang.String getCronSchedule()
Returns the cron-style schedule for running this saved search.

Returns:
The schedule, as a valid cron-style string.

getDescription

public java.lang.String getDescription()
Returns a description of this saved search.

Returns:
A description of the saved search.

getDispatchBuckets

public int getDispatchBuckets()
Returns the maximum number of timeline buckets.

Returns:
The maximum number of timeline buckets.

getDispatchEarliestTime

public java.lang.String getDispatchEarliestTime()
Returns the earliest time for this search. This value can be a relative or absolute time (as formatted by DispatchTimeFormat).

Returns:
The earliest time for this search.
See Also:
getDispatchTimeFormat()

getDispatchLatestTime

public java.lang.String getDispatchLatestTime()
Returns the latest time for this search. This value can be a relative or absolute time (as formatted by DispatchTimeFormat).

Returns:
The latest time for this search.
See Also:
getDispatchTimeFormat()

getDispatchLookups

public boolean getDispatchLookups()
Indicates whether lookups are enabled for this search.

Returns:
true if lookups are enabled, false if not.

getDispatchMaxCount

public int getDispatchMaxCount()
Returns the maximum number of results before finalizing the search.

Returns:
The maximum number of results.

getDispatchMaxTime

public int getDispatchMaxTime()
Returns the maximum amount of time before finalizing the search.

Returns:
The maximum amount of time, in seconds.

getDispatchReduceFrequency

public int getDispatchReduceFrequency()
Returns how frequently Splunk runs the MapReduce reduce phase on accumulated map values.

Returns:
The reduce frequency.

getDispatchRtBackfill

public boolean getDispatchRtBackfill()
Deprecated. Use getDispatchRealTimeBackfill() instead.

Indicates whether to back fill the real-time window for this search. This attribute only applies to real-time searches.

Returns:
true if Splunk back fills the real-time window, false if not.

getDispatchRealTimeBackfill

public boolean getDispatchRealTimeBackfill()
Indicates whether to back fill the real-time window for this search. This attribute only applies to real-time searches.

Returns:
true if Splunk back fills the real-time window, false if not.

getDispatchSpawnProcess

public boolean getDispatchSpawnProcess()
Indicates whether Splunk spawns a new search process when running this saved search.

Returns:
true if Splunk spawns a new search process, false if not.

getDispatchTimeFormat

public java.lang.String getDispatchTimeFormat()
Returns the time format used to specify the earliest and latest times for this search.

Returns:
The time format.

getDispatchTtl

public java.lang.String getDispatchTtl()
Returns the time to live (ttl) for artifacts of the scheduled search (the time before the search job expires and artifacts are still available), if no alerts are triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Returns:
The time to live, in seconds or as a multiple of the scheduled search period.

getDisplayView

public java.lang.String getDisplayView()
Returns the default view in which to load results.

Returns:
The view name.

getMaxConcurrent

public int getMaxConcurrent()
Returns the maximum number of concurrent instances of this search the scheduler is allowed to run.

Returns:
The maximum number of concurrent instances.

getNextScheduledTime

public java.util.Date getNextScheduledTime()
Returns the next scheduled time.

Returns:
The next scheduled time.

getQualifiedSearch

public java.lang.String getQualifiedSearch()
Returns the qualified search.

Returns:
The qualified search.

getRealtimeSchedule

public boolean getRealtimeSchedule()
Indicates whether the scheduler computes the next run time of a scheduled search based on the current time or on the last search run time (for continuous scheduling).

Returns:
true if the run time is based on current time, false if based on the previous search time.

getRequestUiDispatchApp

public java.lang.String getRequestUiDispatchApp()
Returns the app in which Splunk Web dispatches this search.

Returns:
The app name.

getRequestUiDispatchView

public java.lang.String getRequestUiDispatchView()
Returns the view in which Splunk Web displays this search.

Returns:
The view name.

getRestartOnSearchPeerAdd

public boolean getRestartOnSearchPeerAdd()
Indicates whether a real-time search managed by the scheduler is restarted when a search peer becomes available for this saved search.

Returns:
true if a real-time search is restarted, false if not.

getRunOnStartup

public boolean getRunOnStartup()
Indicates whether this search is run when Splunk starts. If the search is not run on startup, it runs at the next scheduled time.

Returns:
true if this search is run when Splunk starts, false if not.

getSearch

public java.lang.String getSearch()
Returns the search query for this saved search.

Returns:
The search query.

getVsid

public java.lang.String getVsid()
Returns the view state ID that is associated with the view specified in the DisplayView attribute. This ID corresponds to a stanza in the viewstates.conf configuration file.

Returns:
The view state ID.
See Also:
getDisplayView()

isActionEmail

public boolean isActionEmail()
Indicates whether the email action is enabled.

Returns:
true if the email action is enabled, false if not.

isActionPopulateLookup

public boolean isActionPopulateLookup()
Indicates whether the populate-lookup action is enabled.

Returns:
true if the populate-lookup action is enabled, false if not.

isActionRss

public boolean isActionRss()
Indicates whether the RSS action is enabled.

Returns:
true if the RSS action is enabled, false if not.

isActionScript

public boolean isActionScript()
Indicates whether the script action is enabled.

Returns:
true if the script action is enabled, false if not.

isActionSummaryIndex

public boolean isActionSummaryIndex()
Indicates whether the summary-index action is enabled.

Returns:
true if the summary-index action is enabled, false if not.

isDigestMode

public boolean isDigestMode()
Indicates whether Splunk applies the alert actions to the entire result set (digest) or to each individual search result (per result).

Returns:
true if actions are applied per digest, false if per result.

isScheduled

public boolean isScheduled()
Indicates whether this search is run on a schedule.

Returns:
true if this search is run on a schedule, false if not.

isVisible

public boolean isVisible()
Indicates whether the search should be visible in the saved search list.

Returns:
true if the search should be listed, false if not.

setActionEmailAuthPassword

public void setActionEmailAuthPassword(java.lang.String password)
Sets the password to use when authenticating with the SMTP server. Normally this value will be set when editing the email settings, however you can set a clear text password here and it will be encrypted on the next Splunk restart.

Parameters:
password - The password.

setActionEmailAuthUsername

public void setActionEmailAuthUsername(java.lang.String username)
Sets the username to use when authenticating the SMTP server. If this string is empty, authentication is not attempted.

Parameters:
username - The username for authentication.

setActionEmailBcc

public void setActionEmailBcc(java.lang.String bcc)
Sets the blind carbon copy (BCC) email address to use for email alerts.

Parameters:
bcc - The BCC email address.
See Also:
isActionEmail()

setActionEmailCc

public void setActionEmailCc(java.lang.String cc)
Sets the carbon copy (CC) email address to use for email alerts.

Parameters:
cc - The CC email address.
See Also:
isActionEmail()

setActionEmailCommand

public void setActionEmailCommand(java.lang.String command)
Returns the search command (or pipeline) that runs the action.

Generally, this command is a template search pipeline that is realized with values from the saved search. To reference saved search field values, wrap them in "$". For example, use "$name$" to reference the saved search name, or use "$search$" to reference the search query.

Parameters:
command - The search command (or pipeline).

setActionEmailFormat

public void setActionEmailFormat(java.lang.String format)
Sets the format of text in the email. This value also applies to any attachments formats. Valid values are: "plain", "html", "raw", and "csv".

Parameters:
format - The email format.

setActionEmailFrom

public void setActionEmailFrom(java.lang.String from)
Sets the email sender's name.

Parameters:
from - The sender's name.

setActionEmailHostname

public void setActionEmailHostname(java.lang.String hostname)
Sets the host name used in the web link (URL) to send in email alerts. Valid forms are "hostname" and "protocol://hostname:port".

Parameters:
hostname - The host name to use in the URL.

setActionEmailInline

public void setActionEmailInline(boolean inline)
Sets whether the search results are contained in the body of the email.

Parameters:
inline - true to include search results in the body of the email, false if not.

setActionEmailMailServer

public void setActionEmailMailServer(java.lang.String mailServer)
Sets the address of the MTA server that is used to send the emails. If this parameter is not set, the value defaults to the setting in the alert_actions.conf file.

Parameters:
mailServer - The address of the MTA server.

setActionEmailMaxResults

public void setActionEmailMaxResults(int maxResults)
Sets the maximum number of search results to send in email alerts.

Parameters:
maxResults - The maximum number of search results per alert.

setActionEmailMaxTime

public void setActionEmailMaxTime(java.lang.String maxTime)
Sets the maximum amount of time an email action takes before the action is canceled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Parameters:
maxTime - The maximum amount of time.

setActionEmailPdfView

public void setActionEmailPdfView(java.lang.String name)
Sets the name of the view to deliver if ActionEmailSendPdf is enabled.

Parameters:
name - The name of the PDF view.
See Also:
getActionEmailSendPdf()

setActionEmailPreProcessResults

public void setActionEmailPreProcessResults(java.lang.String preprocess)
Sets the search string for pre-processing results before emailing them. Usually preprocessing consists of filtering out unwanted internal fields.

Parameters:
preprocess - The search string for pre-processing results.

setActionEmailReportPaperOrientation

public void setActionEmailReportPaperOrientation(java.lang.String orientation)
Sets the paper orientation. Valid values are "portrait" and "landscape".

Parameters:
orientation - The paper orientation.

setActionEmailReportPaperSize

public void setActionEmailReportPaperSize(java.lang.String size)
Sets the paper size for PDFs. Valid values are: "letter", "legal", "ledger", "a2", "a3", "a4", and "a5".

Parameters:
size - The paper size.

setActionEmailReportServerEnabled

public void setActionEmailReportServerEnabled(boolean pdfServerEnabled)
Sets whether the PDF server is enabled.

Parameters:
pdfServerEnabled - true if the PDF server is enabled, false if not.

setActionEmailReportServerUrl

public void setActionEmailReportServerUrl(java.lang.String pdfServerUrl)
Sets the URL of the PDF report server.

Parameters:
pdfServerUrl - The URL of the PDF report server.

setActionEmailSendPdf

public void setActionEmailSendPdf(boolean sendPdf)
Sets whether to create and send the results in PDF format.

Parameters:
sendPdf - true to send results in PDF format, false if not.

setActionEmailSendResults

public void setActionEmailSendResults(boolean sendResults)
Sets whether to attach the search results to an email.

Parameters:
sendResults - true to attach search results to an email, false if not.

setActionEmailSubject

public void setActionEmailSubject(java.lang.String subject)
Sets the subject line of the email.

Parameters:
subject - The subject line of the email.

setActionEmailTo

public void setActionEmailTo(java.lang.String to)
Sets a list of email recipients.

Parameters:
to - A comma- or semicolon-delimited list of email recipients.

setActionEmailTrackAlert

public void setActionEmailTrackAlert(boolean trackAlert)
Sets whether running this email action results in a trackable alert.

Parameters:
trackAlert - true for a trackable alert, false if not.

setActionEmailTtl

public void setActionEmailTtl(java.lang.String ttl)
Sets the minimum time-to-live in seconds of the search artifacts if an email action is triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Parameters:
ttl - The minimum time-to-live in seconds, or the number of scheduled periods.

setActionEmailUseSsl

public void setActionEmailUseSsl(boolean useSsl)
Sets whether to use secure socket layer (SSL) when communicating with the SMTP server.

Parameters:
useSsl - true to use SSL, false if not.

setActionEmailUseTls

public void setActionEmailUseTls(boolean useTls)
Sets whether to use transport layer security (TLS) when communicating with the SMTP server.

Parameters:
useTls - true to use TLS, false if not.

setActionEmailWidthSortColumns

public void setActionEmailWidthSortColumns(boolean widthSortColumns)
Sets whether columns should be sorted from least wide to most wide, left to right. This value is only used when ActionEmailFormat is "plain".

Parameters:
widthSortColumns - true to sort columns from least wide to most wide, false if not.
See Also:
getActionEmailFormat()

setActionPopulateLookupCommand

public void setActionPopulateLookupCommand(java.lang.String command)
Sets the search command (or pipeline) that runs the action.

Parameters:
command - The search command (or pipeline).

setActionPopulateLookupDest

public void setActionPopulateLookupDest(java.lang.String dest)
Sets the name of the lookup table or lookup path to populate.

Parameters:
dest - The lookup name or path.

setActionPopulateLookupHostname

public void setActionPopulateLookupHostname(java.lang.String hostname)
Sets the host name used in the web link (URL) to send in populate-lookup alerts. Valid forms are "hostname" and "protocol://hostname:port".

Parameters:
hostname - The host name to use in the URL.

setActionPopulateLookupMaxResults

public void setActionPopulateLookupMaxResults(int maxResults)
Sets the maximum number of search results to send in populate-lookup alerts.

Parameters:
maxResults - The maximum number of search results per alert.

setActionPopulateLookupMaxTime

public void setActionPopulateLookupMaxTime(java.lang.String maxTime)
Sets the maximum amount of time an alert action takes before the action is canceled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Parameters:
maxTime - The maximum amount of time.

setActionPopulateLookupTrackAlert

public void setActionPopulateLookupTrackAlert(boolean trackAlert)
Sets whether running this populate-lookup action results in a trackable alert.

Parameters:
trackAlert - true for a trackable alert, false if not.

setActionPopulateLookupTtl

public void setActionPopulateLookupTtl(java.lang.String ttl)
Sets the minimum time-to-live (ttl) of the search artifacts if this populate-lookup action is triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Parameters:
ttl - The minimum time-to-live in seconds, or the number of scheduled periods.

setActionRssCommand

public void setActionRssCommand(java.lang.String command)
Sets the search command (or pipeline) that runs the action.

Generally, this command is a template search pipeline that is realized with values from the saved search. To reference saved search field values, wrap them in "$". For example, use "$name$" to reference the saved search name, or use "$search$" to reference the search query.

Parameters:
command - The search command (or pipeline).

setActionRssHostname

public void setActionRssHostname(java.lang.String hostname)
Sets the host name to use in the web link (URL) to send in RSS alerts. Valid forms are "hostname" and "protocol://hostname:port".

Parameters:
hostname - The host name to use in the URL.

setActionRssMaxResults

public void setActionRssMaxResults(int maxResults)
Sets the maximum number of search results to send in RSS alerts.

Parameters:
maxResults - The maximum number of search results per alert.

setActionRssMaxTime

public void setActionRssMaxTime(java.lang.String maxTime)
Sets the maximum amount of time an RSS action takes before the action is canceled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Parameters:
maxTime - The maximum amount of time.

setActionRssTrackAlert

public void setActionRssTrackAlert(boolean trackAlert)
Sets whether running this RSS action results in a trackable alert.

Parameters:
trackAlert - true for a trackable alert, false if not.

setActionRssTtl

public void setActionRssTtl(java.lang.String ttl)
Sets the minimum time-to-live in seconds of the search artifacts if an RSS action is triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Parameters:
ttl - The minimum time-to-live in seconds, or the number of scheduled periods.

setActionScriptCommand

public void setActionScriptCommand(java.lang.String command)
Sets the search command (or pipeline) that runs the action.

Generally, this command is a template search pipeline that is realized with values from the saved search. To reference saved search field values, wrap them in "$". For example, use "$name$" to reference the saved search name, or use "$search$" to reference the search query.

Parameters:
command - The search command (or pipeline).

setActionScriptFilename

public void setActionScriptFilename(java.lang.String filename)
Sets the file name of the script to call. This value is required if ActionScript is enabled.

Parameters:
filename - The file name of the script.
See Also:
isActionScript()

setActionScriptHostname

public void setActionScriptHostname(java.lang.String hostname)
Sets the host name used in the web link (URL) to send in script alerts. Valid forms are "hostname" and "protocol://hostname:port".

Parameters:
hostname - The host name to use in the URL.

setActionScriptMaxResults

public void setActionScriptMaxResults(int maxResults)
Sets the maximum number of search results to send in script alerts.

Parameters:
maxResults - The maximum number of search results per alert.

setActionScriptMaxTime

public void setActionScriptMaxTime(java.lang.String maxTime)
Sets the maximum amount of time a script action takes before the action is canceled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Parameters:
maxTime - The maximum amount of time.

setActionScriptTrackAlert

public void setActionScriptTrackAlert(boolean trackAlert)
Sets whether running this script action results in a trackable alert.

Parameters:
trackAlert - true for a trackable alert, false if not.

setActionScriptTtl

public void setActionScriptTtl(java.lang.String ttl)
Sets the minimum time-to-live in seconds of the search artifacts if a script action is triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Parameters:
ttl - The minimum time-to-live in seconds, or the number of scheduled periods.

setActionSummaryIndexName

public void setActionSummaryIndexName(java.lang.String name)
Sets the name of the summary index where the results of the scheduled search are saved.

Parameters:
name - The name of the summary index.

setActionSummaryIndexCommand

public void setActionSummaryIndexCommand(java.lang.String command)
Sets the search command (or pipeline) that runs the action.

Generally, this command is a template search pipeline that is realized with values from the saved search. To reference saved search field values, wrap them in "$". For example, use "$name$" to reference the saved search name, or use "$search$" to reference the search query.

Parameters:
command - The search command (or pipeline).

setActionSummaryIndexHostname

public void setActionSummaryIndexHostname(java.lang.String hostname)
Sets the host name used in the web link (URL) to send in summary-index alerts. Valid forms are "hostname" and "protocol://hostname:port".

Parameters:
hostname - The host name to use in the URL.

setActionSummaryIndexInline

public void setActionSummaryIndexInline(boolean inline)
Sets whether to run the summary indexing action as part of the scheduled search.

Parameters:
inline - true to run the summary indexing action with the scheduled search, false if not.

setActionSummaryIndexMaxResults

public void setActionSummaryIndexMaxResults(int maxResults)
Sets the maximum number of search results to send in summary-index alerts.

Parameters:
maxResults - The maximum number of search results per alert.

setActionSummaryIndexMaxTime

public void setActionSummaryIndexMaxTime(java.lang.String maxTime)
Sets the maximum amount of time a summary-index action takes before the action is canceled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Parameters:
maxTime - The maximum amount of time.

setActionSummaryIndexTrackAlert

public void setActionSummaryIndexTrackAlert(boolean trackAlert)
Sets whether running summary-index action results in a trackable alert.

Parameters:
trackAlert - true for a trackable alert, false if not.

setActionSummaryIndexTtl

public void setActionSummaryIndexTtl(java.lang.String ttl)
Sets the minimum time-to-live in seconds of the search artifacts if a summary-index action is triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Parameters:
ttl - The minimum time-to-live in seconds, or the number of scheduled periods.

setActions

public void setActions(java.lang.String actions)
Sets whichs actions to enable. Valid actions are: "email", "populate_lookup", "rss", "script", and "summary_index".

Parameters:
actions - A comma-separated list of actions.

setAlertDigestMode

public void setAlertDigestMode(boolean digest)
Sets whether Splunk applies the alert actions to the entire result set or on each individual result.

Parameters:
digest - true if Splunk applies the alert actions to the entire result set (digest), false if actions are applied to individual search results (per result).

setAlertExpires

public void setAlertExpires(java.lang.String period)
Sets the period of time to show the alert in the dashboard. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Parameters:
period - The amount of time.

setAlertSeverity

public void setAlertSeverity(int severity)
Sets the alert severity level, which is an integer from 1-6 (1=DEBUG, 2=INFO, 3=WARN, 4=ERROR, 5=SEVERE, 6=FATAL).

Parameters:
severity - The alert severity level.

setAlertSuppress

public void setAlertSuppress(boolean suppress)
Sets whether to enable alert suppression for this scheduled search.

Parameters:
suppress - true to enable alert suppression, false if not.

setAlertSuppressFields

public void setAlertSuppressFields(java.lang.String fields)
Specifies a list of fields to use for alert suppression. This attribute is required when alert supression and per-result alerting are enabled.

Parameters:
fields - A comma-delimited list of fields.
See Also:
setAlertSuppress(boolean), isDigestMode()

setAlertSuppressPeriod

public void setAlertSuppressPeriod(java.lang.String period)
Sets the period for alert suppression. This attribute is only valid when AlertSuppress is enabled. The valid format is number followed by a time unit ("s", "m", "h", or "d").

Parameters:
period - The suppression period.
See Also:
setAlertSuppress(boolean)

setAlertTrack

public void setAlertTrack(java.lang.String track)
Sets how to track the actions triggered by this saved search. Valid values are: "true" (enabled), "false" (disabled), and "auto" (tracking is based on the setting of each action).

Parameters:
track - The alert tracking setting.

setAlertComparator

public void setAlertComparator(java.lang.String comparator)
Sets the alert comparator. Valid values are: "greater than", "less than", "equal to", "rises by", "drops by", "rises by perc", and "drops by perc".

Parameters:
comparator - The alert comparator.

setAlertCondition

public void setAlertCondition(java.lang.String conditional)
Sets a conditional search that is evaluated against the results of the saved search.

Note: If you specify an alert_condition, do not set counttype, relation, or quantity.

Parameters:
conditional - A conditional search.

setAlertThreshold

public void setAlertThreshold(java.lang.String threshold)
Sets the value to compare to before triggering the alert action. If this value is expressed as a percentage, it indicates the value to use when AlertComparator is set to "rises by perc" or "drops by perc."

Parameters:
threshold - The threshold as a number or percentage (a number followed by "%").
See Also:
getAlertComparator()

setAlertType

public void setAlertType(java.lang.String type)
Sets a value that indicates what to base the alert on. Valid values are: "always", "custom", "number of events", "number of hosts", and "number of sources". This value is overridden by AlertCondition if specified.

Parameters:
type - The alert trigger type.

setCronSchedule

public void setCronSchedule(java.lang.String cronSchedule)
Sets the cron schedule for running this saved search.

Parameters:
cronSchedule - The schedule, as a valid cron-style string.

setDescription

public void setDescription(java.lang.String description)
Sets the description of this saved search.

Parameters:
description - The description.

setDisabled

public void setDisabled(boolean disabled)
Sets whether the saved search is disabled. Disabled searches are not visible in Splunk Web.

Parameters:
disabled - true to disable the saved search, false to enable it.

setDispatchBuckets

public void setDispatchBuckets(java.lang.String buckets)
Deprecated. Use setDispatchBuckets(int) instead.

Sets the maximum number of timeline buckets.

Parameters:
buckets - The maximum number of timeline buckets.

setDispatchBuckets

public void setDispatchBuckets(int buckets)
Sets the maximum number of timeline buckets.

Parameters:
buckets - The maximum number of timeline buckets.

setDispatchEarliestTime

public void setDispatchEarliestTime(java.lang.String earliestTime)
Sets the earliest time for this search. This value can be a relative time, or absolute time as formatted by DispatchTimeFormat.

Parameters:
earliestTime - The earliest time for this search.
See Also:
getDispatchTimeFormat()

setDispatchLatestTime

public void setDispatchLatestTime(java.lang.String latestTime)
Sets the latest time for this search. This value can be a relative time, or absolute time as formatted by DispatchTimeFormat.

Parameters:
latestTime - The latest time for this search.
See Also:
getDispatchTimeFormat()

setDispatchLookups

public void setDispatchLookups(boolean lookups)
Sets whether to enable lookups for this search.

Parameters:
lookups - true to enable lookups, false if not.

setDispatchMaxCount

public void setDispatchMaxCount(int max)
Sets the maximum number of results before finalizing the search.

Parameters:
max - The maximum number of results.

setDispatchMaxTime

public void setDispatchMaxTime(int max)
Sets the maximum time before finalizing the search.

Parameters:
max - The maximum time, in seconds.

setDispatchReduceFrequency

public void setDispatchReduceFrequency(int seconds)
Sets how frequently Splunk should run the MapReduce reduce phase on accumulated map values.

Parameters:
seconds - The reduce frequency.

setDispatchRealTimeBackfill

public void setDispatchRealTimeBackfill(boolean backfill)
Sets whether to back fill the real-time window for this search. This attribute only applies to real-time searches.

Parameters:
backfill - true if Splunk back fills the real-time window, false if not.

setDispatchSpawnProcess

public void setDispatchSpawnProcess(boolean spawn)
Sets whether Splunk spawns a new search process when running this saved search. Searches against indexes must run in a separate process.

Parameters:
spawn - true if Splunk spawns a new search process, false if not.

setDispatchTimeFormat

public void setDispatchTimeFormat(java.lang.String format)
Sets the time format used to specify the earliest and latest times for this search.

Parameters:
format - The time format.

setDispatchTtl

public void setDispatchTtl(java.lang.String format)
Sets the minimum time-to-live in seconds of the search artifacts if no actions are triggered. If the value is a number followed by "p", it is the number of scheduled search periods.

Parameters:
format - The time to live, in seconds or as a multiple of the scheduled search period.

setDisplayView

public void setDisplayView(java.lang.String view)
Sets the default view in which to load the results.

Parameters:
view - The view name (not label).

setIsScheduled

public void setIsScheduled(boolean value)
Sets whether this search runs on a schedule.

Parameters:
value - true to run this search on a schedule, false if not.

setIsVisible

public void setIsVisible(boolean value)
Sets whether this search appears in the visible list of saved searches.

Parameters:
value - true to display this in the visible list, false if not.

setMaxConcurrent

public void setMaxConcurrent(int max)
Sets the maximum number of concurrent instances of this search the scheduler is allowed to run.

Parameters:
max - The maximum number of concurrent instances.

setRealtimeSchedule

public void setRealtimeSchedule(boolean value)
Sets how the scheduler computes the next time a scheduled search is run. The scheduler tries to run searches that have real-time schedules enabled before running searches that have continuous scheduling enabled.

Parameters:
value - true to enable a real-time schedule for this search, false to enable continuous scheduling for this search.
See Also:
isActionSummaryIndex()

setRequestUiDispatchApp

public void setRequestUiDispatchApp(java.lang.String app)
Sets the app in which Splunk Web dispatches this search.

Parameters:
app - The app name.

setRequestUiDispatchView

public void setRequestUiDispatchView(java.lang.String view)
Sets the view in which Splunk Web displays this search.

Parameters:
view - The view name.

setRestartOnSearchpeerAdd

public void setRestartOnSearchpeerAdd(boolean restart)
Deprecated. Use setRestartOnSearchPeerAdd(boolean) instead.

Sets whether a real-time search managed by the scheduler is restarted when a search peer becomes available for this saved search.

Note: The peer can be one that is newly added or one that has become available after being down.

Parameters:
restart - true to restart a real-time search, false if not.

setRestartOnSearchPeerAdd

public void setRestartOnSearchPeerAdd(boolean restart)
Sets whether a real-time search managed by the scheduler is restarted when a search peer becomes available for this saved search.

Note: The peer can be one that is newly added or one that has become available after being down.

Parameters:
restart - true to restart a real-time search, false if not.

setRunOnStartup

public void setRunOnStartup(boolean startup)
Sets whether this search is run when Splunk starts. If the search is not run on startup, it runs at the next scheduled time.

It is recommended that you set this value to true for scheduled searches that populate lookup tables.

Parameters:
startup - true to run this search when Splunk starts, false if not.

setSearch

public void setSearch(java.lang.String search)
Sets the search query for this saved search.

Parameters:
search - The search query.

setVsid

public void setVsid(java.lang.String vsid)
Sets the view state ID that is associated with the view specified in the DisplayView attribute.

Note: This ID must match a stanza in the from the viewstates.conf configuration file.

Parameters:
vsid - The view state ID.
See Also:
getDisplayView()

update

public void update(java.util.Map<java.lang.String,java.lang.Object> args)
Updates the entity with the values you previously set using the setter methods, and any additional specified arguments. The specified arguments take precedent over the values that were set using the setter methods.

Overrides:
update in class Entity
Parameters:
args - The arguments to update.

update

public void update()
Updates the entity with the accumulated arguments, established by the individual setter methods for each specific entity class.

Overrides:
update in class Entity