The syntax of this can be a little tricky:
$SPLUNK_HOME/bin/splunk search ‘|savedsearch “Splunk errors last 24 hours”‘
The primary reason I am looking to run Saved Searches from the Command Line Interface (CLI) is to have a scheduled query kick off a script after an error occurs that will sleep for a few minutes and then run a search similar to the one above to test for a server restart.
So when my WebSphere App Server throws a java.lang.OutOfMemoryError, I want to wait a few minutes and make sure that the server restarted. There may be a better design then what I have put together but so far this is the only way I can think to solve the problem. However, I am still searching for a better solution.
UPDATE
Something else to be aware of is the permissions of the Saved Search. If you created the Saved Search as yourself (bobsmith), but you try to run it as an admin account from the CLI, then the admin account will not have access unless you give permissions to the admin (or everyone) to run it.
