Splunk Dev

How to enable/disable a saved search using Python SDK?

bollam
Path Finder

Can someone assist me in how to enable and disable the saved searches using python SDK?
I have gone through the docs of python SDK and got how to create and delete but where in I was looking for enabling and disabling the saved searches. Prompt response would be highly appreciated.

Tags (1)
0 Karma
1 Solution

paramagurukarth
Builder

Please try below..

import splunklib.client as client

HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"

service = client.connect(
    host=HOST,
    port=PORT,
    username=USERNAME,
    password=PASSWORD)

for ss in service.saved_searches:
    print ss.name
    ss.disable()

View solution in original post

bollam
Path Finder

Hi @paramagurukarthikeyan, How do we enable/disable the saved search which contains the special character in it? I'm getting error while trying enable/disable saved search. Saved search I'm trying to disable is "Testing@#splunk". I'm able to create the saved search with this name but disable is not working. Can you help on this as well?

0 Karma

bollam
Path Finder

Any luck??

0 Karma

bollam
Path Finder

@ paramagurukarthikeyan, Thanks much!! Its working as expected.

0 Karma

paramagurukarth
Builder

Always Welcome

0 Karma

paramagurukarth
Builder

Please try below..

import splunklib.client as client

HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"

service = client.connect(
    host=HOST,
    port=PORT,
    username=USERNAME,
    password=PASSWORD)

for ss in service.saved_searches:
    print ss.name
    ss.disable()

cmerriman
Super Champion

do you mean turning on or off a schedule?

0 Karma

bollam
Path Finder

Yes, Exactly

0 Karma

harsmarvania57
Ultra Champion

Hi @bollam,

Can you please try below python code for disabling saved search

import splunk.rest as rest
rest.simpleRequest('/servicesNS/<USER>/<APPNAME>/saved/searches/<YOURSEARCH>', sessionKey=sessionKey, postargs={'disabled': 1}, method='POST', raiseAllErrors=True)

And to enable it again

import splunk.rest as rest
rest.simpleRequest('/servicesNS/<USER>/<APPNAME>/saved/searches/<YOURSEARCH>', sessionKey=sessionKey, postargs={'disabled': 0}, method='POST', raiseAllErrors=True)
0 Karma

bollam
Path Finder

Hi @harsmarvania57 ,
I have written code snippet for a basic query validation. Upon successful validation, It should either create, delete, enable or disable the saved search I provide. It was working for creating and deleting the saved search but I'm finding hard to enable or disable the saved search using python SDK. Is there a way to disable or enable the saved search using python SDK?

0 Karma

harsmarvania57
Ultra Champion

What's your code snippet ? Have you tried code which I have given in my first comment ?

0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...