https://community.splunk.com/t5/Splunk-Search/Splunk-REST-API/m-p/90005#M23092 <P>Can i access the data directly from the splunk server and update the data directly using the rest api without searching? Or it is impossible like what you mentioned ?</P> Tue, 13 Mar 2012 06:31:54 GMT misteryuku 2012-03-13T06:31:54Z https://community.splunk.com/t5/Splunk-Search/Splunk-REST-API/m-p/90003#M23090 <P>Does Splunk REST API allow us to update search results when search results are retrieved and then return the updated result back to splunk? If that's the case, what is the API for that?</P> Tue, 13 Mar 2012 03:21:39 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-REST-API/m-p/90003#M23090 misteryuku 2012-03-13T03:21:39Z https://community.splunk.com/t5/Splunk-Search/Splunk-REST-API/m-p/90004#M23091 <P>You are searching on data that has already been indexed in Splunk. </P> <P>The concept of an "update" doesn't really apply as it might in the database world with SQL.</P> <P>There is a Splunk "delete" search command that will "soft" delete events from the search results.</P> <P>And you can certainly "insert" new events via the REST API using the <A href="http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTinput#receivers.2Fstream">Receivers</A> endpoints, and then subsequent searches can operate on this newly inserted data. Easiest to do this using an <A href="http://dev.splunk.com/view/sdks/SP-CAAADP7">SDK</A> from dev.splunk.com</P> Tue, 13 Mar 2012 03:45:09 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-REST-API/m-p/90004#M23091 Damien_Dallimor 2012-03-13T03:45:09Z https://community.splunk.com/t5/Splunk-Search/Splunk-REST-API/m-p/90005#M23092 <P>Can i access the data directly from the splunk server and update the data directly using the rest api without searching? Or it is impossible like what you mentioned ?</P> Tue, 13 Mar 2012 06:31:54 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-REST-API/m-p/90005#M23092 misteryuku 2012-03-13T06:31:54Z https://community.splunk.com/t5/Splunk-Search/Splunk-REST-API/m-p/90006#M23093 <P>Indexed data is diffult to modify is it?</P> Tue, 13 Mar 2012 06:32:32 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-REST-API/m-p/90006#M23093 misteryuku 2012-03-13T06:32:32Z