Find connections for Saved Search

Follow
Avatar
Shamshir Nangla
  • Edited

Hi All,


We're migrating from slack to teams and I'm trying to find an efficient way to identify all our saved searches that use the slack connections. I can see thoses saved searches that have been triggered with the below query, but is there a way to find all (i.e. not triggered), otherwise it'll be manual task to check every saved search:

(_index=sumologic_audit and _sourceName=SCHEDULED_SEARCH) //("Scheduled search alert triggered")
| parse "[Destination=*]" as Destination
| parse "[Name=*]" as SavedSearchName
| parse "[AlertType=*]" as AlertType nodrop

Thanks

0

Comments

2 comments

Sort by Date Votes
  • Avatar
    Shobhit Garg

    Hi Shamshir,

    Yes, this query will only give you the information about the searches which are triggered.

    The other thing you can do is to use the content management API and export the content in JSON format, there you can look for below section, the parameter taskType tells that its a webhook connection. It is not a straight forward method, but this is the best you can do instead of opening each search manually.

    "notification": {
    "taskType": "WebhookSearchNotificationSyncDefinition",
    "webhookId": "000000000000CD15",
    "payload": null,
    "itemizeAlerts": false,
    "maxItemizedAlerts": 50
    },

    Access below page and click the link as per your deployment region and look for content management

    https://help.sumologic.com/APIs

    You can also export the library content from UI 

    https://help.sumologic.com/05Search/Library/Export-and-Import-Content-in-the-Library

    Hope this helps.

     

    Regards

    1
    Comment actions Permalink
  • Avatar
    Shamshir Nangla

    Thanks Shobhit!

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post