Splunk · Schema

Splunk Search Job

Schema for a Splunk Enterprise search job resource. A search job represents an asynchronous execution of a Splunk Search Processing Language (SPL) query. Jobs progress through states from QUEUED through DONE or FAILED, producing events and results that can be retrieved via the REST API.

AnalyticsData AnalysisLoggingMachine DataMonitoringObservabilityPlatformSecuritySIEM

Properties

Name	Type	Description
sid	string	The unique search identifier (search ID) assigned to this job. Format is typically ..
name	string	The name of the search job resource, typically the SID
id	string	The full REST API URI for this search job resource
updated	string	ISO 8601 timestamp of the last update to this search job
published	string	ISO 8601 timestamp of when this search job was created
author	string	The Splunk user who created the search job
content	object	The detailed properties and status of the search job
links	object	Related resource links for the search job
acl	object	Access control information for the search job

View JSON Schema on GitHub