Splunk Dev
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- How to enable/disable a saved search using Python ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bollam
Path Finder
01-05-2018
12:21 AM
Can someone assist me in how to enable and disable the saved searches using python SDK?
I have gone through the docs of python SDK and got how to create and delete but where in I was looking for enabling and disabling the saved searches. Prompt response would be highly appreciated.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
paramagurukarth
Builder
01-08-2018
04:27 AM
Please try below..
import splunklib.client as client
HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"
service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD)
for ss in service.saved_searches:
print ss.name
ss.disable()
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bollam
Path Finder
01-17-2018
11:41 PM
Hi @paramagurukarthikeyan, How do we enable/disable the saved search which contains the special character in it? I'm getting error while trying enable/disable saved search. Saved search I'm trying to disable is "Testing@#splunk". I'm able to create the saved search with this name but disable is not working. Can you help on this as well?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bollam
Path Finder
01-21-2018
09:12 PM
Any luck??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bollam
Path Finder
01-08-2018
08:41 PM
@ paramagurukarthikeyan, Thanks much!! Its working as expected.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
paramagurukarth
Builder
01-15-2018
11:31 PM
Always Welcome
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
paramagurukarth
Builder
01-08-2018
04:27 AM
Please try below..
import splunklib.client as client
HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"
service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD)
for ss in service.saved_searches:
print ss.name
ss.disable()
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cmerriman
Super Champion
01-05-2018
04:50 AM
do you mean turning on or off a schedule?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bollam
Path Finder
01-07-2018
07:42 PM
Yes, Exactly
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
01-05-2018
04:49 AM
Hi @bollam,
Can you please try below python code for disabling saved search
import splunk.rest as rest
rest.simpleRequest('/servicesNS/<USER>/<APPNAME>/saved/searches/<YOURSEARCH>', sessionKey=sessionKey, postargs={'disabled': 1}, method='POST', raiseAllErrors=True)
And to enable it again
import splunk.rest as rest
rest.simpleRequest('/servicesNS/<USER>/<APPNAME>/saved/searches/<YOURSEARCH>', sessionKey=sessionKey, postargs={'disabled': 0}, method='POST', raiseAllErrors=True)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bollam
Path Finder
01-07-2018
07:40 PM
Hi @harsmarvania57 ,
I have written code snippet for a basic query validation. Upon successful validation, It should either create, delete, enable or disable the saved search I provide. It was working for creating and deleting the saved search but I'm finding hard to enable or disable the saved search using python SDK. Is there a way to disable or enable the saved search using python SDK?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
01-08-2018
01:19 AM
What's your code snippet ? Have you tried code which I have given in my first comment ?
Get Updates on the Splunk Community!
Prove Your Splunk Prowess at .conf25—No Prereqs Required!
Your Next Big Security Credential: No Prerequisites Needed
We know you’ve got the skills, and now, earning the ...
Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code
This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Splunk Answers Content Calendar, July Edition I
Hello Community!
Welcome to another month of Community Content Calendar series! For the month of July, we will ...
