Solved: Re: How to Get Saved Searches by Owner Through RES...

koocies · ‎10-12-2020

I see the EAI:ACL documentation mentions that an owner flag can be set. can this be used for getting saved searches based on the owner?
so far with curl I have not gotten the results as excepted (the owner is ignored)

If someone knows can you please give me an example?

here is my curl:

curl-k -u john:Password http://localhost:8089/servicesNS/-/app/saved/searches&eai:acl.owner=john

koocies · ‎10-12-2020

Solution is to use the search parameter in the HTTP request:

curl-k -u john:Password http://localhost:8089/servicesNS/-/app/saved/searches?search=eai:acl.owner%3Djohn

I honestly don't understand why the username endpoint is used. a '-' for any then using search parameter to narrow down to the owner of saved searches works.

View solution in original post

koocies · ‎10-12-2020

Solution is to use the search parameter in the HTTP request:

curl-k -u john:Password http://localhost:8089/servicesNS/-/app/saved/searches?search=eai:acl.owner%3Djohn

I honestly don't understand why the username endpoint is used. a '-' for any then using search parameter to narrow down to the owner of saved searches works.

richgalloway · ‎10-12-2020

Try

curl-k -u john:Password http://localhost:8089/servicesNS/john/app/saved/searches

---
If this reply helps you, Karma would be appreciated.

koocies · ‎10-12-2020

this returns saved search owned by nobody and the user. It does not seem to filter to the user alone

How to Get Saved Searches by Owner Through REST API?

rest API

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases