POST /v1/logSearches

Default value: "application/json"

Values for search template used in the search query. Learn more about the search templates here : https://help.sumologic.com/docs/search/get-started-with-search/build-search/search-templates/

The name of the parameter.

A description of the parameter.

The data type of the parameter. Supported values are:

1. NUMBER
2. STRING
3. ANY
4. KEYWORD

A value for the parameter. Should be compatible with the type set in dataType field.

Identifier of a folder where to save the log search.

Name of the item in the content library.

Item description in the content library.

Aggregate Results Settings and View configurations, Legends settings, and different visualisation settings overrides. Leave this field empty to use the defaults. This property contains JSON object encoded as a string.

Type of the time range. Value must be either CompleteLiteralTimeRange or BeginBoundedTimeRange.

This property is deprecated. The system will automatically infer the value of this field from the query going forward, so the user-specified value will no longer be honored. Threshold type. Possible values are:

1. message
2. group

Use group as threshold type if the search query is of aggregate type. For non-aggregate queries, set it to message.

Criterion to be applied when comparing actual result count with expected count. Possible values are:

1. eq
2. gt
3. ge
4. lt
5. le

Expected result count.

Run schedule of the scheduled search. Set to "Custom" to specify the schedule with a CRON expression.Please note that with Custom, 1Day and 1Week schedule types you need to provide the corresponding cron expression to determine when to actually run the search. e.g. Sample Valid Cron for 1Day is "0 0 16 ? * 2-6 *". Possible schedule types are:

• RealTime
• 15Minutes
• 1Hour
• 2Hours
• 4Hours
• 6Hours
• 8Hours
• 12Hours
• 1Day
• 1Week
• Custom

A list of scheduled search template parameters to be used while executing the query. This is different from the queryParameters field in parent object as this field will be used for execution as per the schedule. The parent object field is for search itself, not part of execution. Learn more about the search templates here : https://help.sumologic.com/docs/search/get-started-with-search/build-search/search-templates/

Name of scheduled search parameter.

Value of scheduled search parameter.

Delivery channel for notifications.

A human-friendly text describing the query time range. For e.g. "-2h", "last three days", "team default time". This value can not be set via API.

Type of the time range. Value must be either CompleteLiteralTimeRange or BeginBoundedTimeRange.

Cron-like expression specifying the search's schedule. Field scheduleType must be set to "Custom", otherwise, scheduleType takes precedence over cronExpression.

Time zone identifier for time specification. Either an abbreviation such as "PST", a full name such as "America/Los_Angeles", or a custom ID such as "GMT-8:00". Note that the support of abbreviations is for JDK 1.1.x compatibility only and full names should be used. The GMT time zone is chosen if the given time zone cannot be identified.

If enabled, emails are not sent out in case of errors with the search.

Query to perform.

Define the parsing mode to scan the JSON format log messages. Possible values are:

1. AutoParse
2. Manual In AutoParse mode, the system automatically figures out fields to parse based on the search query. While in the Manual mode, no fields are parsed out automatically. For more information see Dynamic Parsing.

Default value: "Manual"

This has the value true if the search is to be run by receipt time and false if it is to be run by message time.

Default value: false