Search

Learn how to use the CLI to search your ISC tenant in this guide.

In Identity Security Cloud (ISC), you can search across all the sources connected to your tenant and return virtually any information you have access to. The search command allows you to access ISC search functionality within the CLI. For more information about search in ISC, refer to Search.

In Identity Security Cloud, you can search all the sources connected to your tenant and return virtually any information you have access to. To learn more about search in Identity Security Cloud, refer to Search.

The search command makes it easy to search in Identity Security Cloud with the SailPoint CLI. Read this guide to learn how to use the query and template commands to search Identity Security Cloud with the CLI.

• Query
  • Command
  • Flags
    • Indices
    • Sort
    • Folder Path
• Template
  • Command
  • Flags
    • Folder Path

Query

Search queries in Identity Security Cloud are flexible - they can be very broad or very narrow, and you can further narrow your results by using Identity Security Cloud's specific syntax to structure your queries. To learn about structuring search queries, refer to Building a Search Query.

The query command allows you to search Identity Security Cloud for a query you specify.

To use the query command to search Identity Security Cloud, you must understand how to format your search queries.

The basic format of a query is "field:term", so an example query command would like this:

sail search query "name:a*" --indices identities

The CLI will use the V3 Search endpoint to search for all identities starting with names starting with the letter "a". The CLI will then generate a JSON file containing the search results. This JSON file will be located in a folder titled "search_results", within the current working directory, unless a folder path is specified.

Command

This example can help you understand the query command structure:

sail search query <search query string> --indices <index to search>

You must start your search query with sail search query, and you must specify a query string to search for and a set of indices to search.

Flags

You can append a number of flags to the query command to refine it:

• The first flag, indices, is required. It specifies the indices to run the search operation on.
• The second possible flag, sort, allows you to specify the sort strings to use for the search query, as well as the sorting arrangement for the results.
• The third possible flag, folderPath, allows you to specify the folder path where you want to save the search query result files.

Indices

Use the indices flag to specify the indices you want to search. The indices flag is required to use the query command.

Here is an example of a query command with specified indices:

sail search query "name:a*" --indices identities

You can search multiple indices.

Here is an example of a query command with multiple specified indices.

sail search query "name:a*" --indices identities --indices accessprofiles

Sort

Use the sort flag to specify the sort strings you want to use to determine the sorting arrangement of your search query results. When you specify a string to sort by, like name, the CLI sorts results by name in ascending order. If you add a "-" before the sort string, like -name, the CLI will sort the results in descending order instead.

Here is an example of a query command that sorts the results in descending order based on the identities' created dates:

sail search query "name:a*" --indices identities --sort "-created"

You can specify multiple sort strings for your search queries.

Here is an example of a query command that sorts the results in ascending order based on name, as well as in descending order based on the identities' created dates:

sail search query "name:a*" --indices identities --sort name --sort "-created"

Folder Path

Use the folderPath flag to specify the folder path to save the search results in. If you don't specify a folderPath, the results will save to a folder called "search_results", located within your current working directory.

Here is an example of a query command that specifies a folderPath:

sail search query "name:a*" --indices identities --folderPath ./local/folder/path

Template

For more detailed search queries, you can provide a predefined template instead of constructing the whole query every time. This allows you to run very detailed search queries quickly and easily.

The template command allows you to use predefined templates to search Identity Security Cloud.

Command

This example shows the essential template command structure:

sail search template all-provisioning-events-90-days

The specified template file will give the CLI all the information it needs to perform its search in Identity Security Cloud.

Flags

You can append one flag to the template command to refine it:

• The flag, folderPath, allows you to specify the folder path where you want to save the search query result files.

Folder Path

Use the folderPath flag to specify the folder path to save the search results in. If you don't specify a folderPath, the results will save to a folder called "search_results", located within your current working directory.

Here is an example of a template command that specifies a folderPath:

sail search template all-provisioning-events-90-days --folderPath ./local/folder/path