https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/680403#M232554 <P>Here is my sample. I want to get all saved search then from the returned result I want to filter in the field called "search" to find searchstring that contains something like "| collect".<BR /><BR />So&nbsp;&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">| where (search LIKE "%| collect%") </LI-CODE><P>&nbsp;</P><P>do the job<STRONG><BR /><BR />Full Search String:</STRONG></P><P>&nbsp;</P><LI-CODE lang="markup">| rest /servicesNS/-/-/saved/searches | table title, cron_schedule next_scheduled_time eai:acl.owner actions eai:acl.app action.email action.email.to dispatch.earliest_time dispatch.latest_time search | where (search LIKE "%| collect%")</LI-CODE><P><BR /><STRONG>Add-On</STRONG><BR />Let's say I want to filter search a field called "action.summary_index" for the value equals to 1, I can do as below. Enclose the field name with dollar sign ($)<BR /><BR />| rest /servicesNS/-/-/saved/searches | table title, cron_schedule next_scheduled_time eai:acl.owner actions eai:acl.app action.email action.email.to dispatch.earliest_time dispatch.latest_time search *<BR /><STRONG>| where $action.summary_index$ = "1"</STRONG></P><P>&nbsp;</P> Tue, 12 Mar 2024 17:05:00 GMT JL99 2024-03-12T17:05:00Z https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/254253#M76134 <P>I am using REST service - my requirement is to use Splunk REST URL to fetch details from a saved search .. but I want a filter while fetching details. How can I do this?</P> Thu, 19 May 2016 08:57:26 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/254253#M76134 samkaj 2016-05-19T08:57:26Z https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/254254#M76135 <P>You should provide more details on this, like do you want to query the details of the saved search and filter the details or do you want to get back the search results of a saved search and filter on the search results?</P> <P>cheers, MuS</P> Thu, 19 May 2016 22:47:40 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/254254#M76135 MuS 2016-05-19T22:47:40Z https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/254255#M76136 <P>Look here:</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/6.0.9/RESTAPI/RESTsearches#Get_search_results">http://docs.splunk.com/Documentation/Splunk/6.0.9/RESTAPI/RESTsearches#Get_search_results</A></P> <P>So from the search bar, like this:</P> <PRE><CODE>| rest services/search/jobs/&lt;HereIsYourJobID&gt;/results/ | &lt;your filter stuff here&gt; </CODE></PRE> Sun, 29 May 2016 01:23:47 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/254255#M76136 woodcock 2016-05-29T01:23:47Z https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/254256#M76137 <P>Here: <BR /> <A href="https://www.splunk.com/blog/2013/06/18/getting-data-from-your-rest-apis-into-splunk.html#">https://www.splunk.com/blog/2013/06/18/getting-data-from-your-rest-apis-into-splunk.html#</A> </P> <P>I used this App. Very simple to configure. </P> Tue, 05 Mar 2019 11:23:25 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/254256#M76137 AnujaJ 2019-03-05T11:23:25Z https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/680403#M232554 <P>Here is my sample. I want to get all saved search then from the returned result I want to filter in the field called "search" to find searchstring that contains something like "| collect".<BR /><BR />So&nbsp;&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">| where (search LIKE "%| collect%") </LI-CODE><P>&nbsp;</P><P>do the job<STRONG><BR /><BR />Full Search String:</STRONG></P><P>&nbsp;</P><LI-CODE lang="markup">| rest /servicesNS/-/-/saved/searches | table title, cron_schedule next_scheduled_time eai:acl.owner actions eai:acl.app action.email action.email.to dispatch.earliest_time dispatch.latest_time search | where (search LIKE "%| collect%")</LI-CODE><P><BR /><STRONG>Add-On</STRONG><BR />Let's say I want to filter search a field called "action.summary_index" for the value equals to 1, I can do as below. Enclose the field name with dollar sign ($)<BR /><BR />| rest /servicesNS/-/-/saved/searches | table title, cron_schedule next_scheduled_time eai:acl.owner actions eai:acl.app action.email action.email.to dispatch.earliest_time dispatch.latest_time search *<BR /><STRONG>| where $action.summary_index$ = "1"</STRONG></P><P>&nbsp;</P> Tue, 12 Mar 2024 17:05:00 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-the-REST-API-to-fetch-and-filter-results-from-a-saved/m-p/680403#M232554 JL99 2024-03-12T17:05:00Z