https://community.splunk.com/t5/Splunk-Dev/How-to-run-a-saved-search-with-SDK/m-p/68985#M956 <P>Yes it certainly can. To run a saved search, use splunklib.client.SavedSearch.dispatch() (see the reference docs here: <A href="http://docs.splunk.com/DocumentationStatic/PythonSDK/0.8Beta/client.html#splunklib.client.SavedSearch" target="_blank">http://docs.splunk.com/DocumentationStatic/PythonSDK/0.8Beta/client.html#splunklib.client.SavedSearch</A> ). </P> <P>The saved search example shows how to list your saved searches, but not how to run one. BUT, you can see an example of how to run a saved search in the unit tests for saved_search (/test/test_saved_search.py). Look for "def test_dispatch(self)", which tests various things such as enumerating saved searches, deleting one, creating one, but also running one. This part of the test case runs a search, gets back a job ID, waits for the job to finish, gets the results: </P> <PRE><CODE> ... job = saved_search.dispatch() testlib.wait(job, lambda job: bool(int(job['isDone']))) job.results().close() job.cancel() ... </CODE></PRE> <P>In general, the unit tests are a good place to look for examples of how to use the API.</P> Mon, 28 Sep 2020 11:54:46 GMT apruneda_splunk 2020-09-28T11:54:46Z https://community.splunk.com/t5/Splunk-Dev/How-to-run-a-saved-search-with-SDK/m-p/68984#M955 <P>I'm new to Splunk, and am trying to run a saved search with the Python SDK, with the client module (not binding), only I don't understand the SDK model well enough (probably don't know Splunk itself well enough either). I can list all saved searches with <CODE>saved_searches.py</CODE> or a particular search with <CODE>saved_search/saved_search.py</CODE>, and I can run a one-off search:</P> <PRE><CODE>job = splunk.jobs.create('search sourcetype=foo earliest=-60m') </CODE></PRE> <P>but I don't see an interface for running a saved search.</P> <P>Can the client module run a saved search?</P> <P>Thank you,</P> Wed, 06 Jun 2012 19:42:47 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-run-a-saved-search-with-SDK/m-p/68984#M955 zacharysyoung 2012-06-06T19:42:47Z https://community.splunk.com/t5/Splunk-Dev/How-to-run-a-saved-search-with-SDK/m-p/68985#M956 <P>Yes it certainly can. To run a saved search, use splunklib.client.SavedSearch.dispatch() (see the reference docs here: <A href="http://docs.splunk.com/DocumentationStatic/PythonSDK/0.8Beta/client.html#splunklib.client.SavedSearch" target="_blank">http://docs.splunk.com/DocumentationStatic/PythonSDK/0.8Beta/client.html#splunklib.client.SavedSearch</A> ). </P> <P>The saved search example shows how to list your saved searches, but not how to run one. BUT, you can see an example of how to run a saved search in the unit tests for saved_search (/test/test_saved_search.py). Look for "def test_dispatch(self)", which tests various things such as enumerating saved searches, deleting one, creating one, but also running one. This part of the test case runs a search, gets back a job ID, waits for the job to finish, gets the results: </P> <PRE><CODE> ... job = saved_search.dispatch() testlib.wait(job, lambda job: bool(int(job['isDone']))) job.results().close() job.cancel() ... </CODE></PRE> <P>In general, the unit tests are a good place to look for examples of how to use the API.</P> Mon, 28 Sep 2020 11:54:46 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-run-a-saved-search-with-SDK/m-p/68985#M956 apruneda_splunk 2020-09-28T11:54:46Z https://community.splunk.com/t5/Splunk-Dev/How-to-run-a-saved-search-with-SDK/m-p/68986#M957 <P>Thank you, Apruneda. This is exactly the answer.</P> Wed, 06 Jun 2012 20:59:23 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-run-a-saved-search-with-SDK/m-p/68986#M957 zacharysyoung 2012-06-06T20:59:23Z