Building for the Splunk Platform

How to enable/disable a saved search using Python SDK?

bollam
Path Finder

Can someone assist me in how to enable and disable the saved searches using python SDK?
I have gone through the docs of python SDK and got how to create and delete but where in I was looking for enabling and disabling the saved searches. Prompt response would be highly appreciated.

Tags (1)
0 Karma
1 Solution

paramagurukarth
Builder

Please try below..

import splunklib.client as client

HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"

service = client.connect(
    host=HOST,
    port=PORT,
    username=USERNAME,
    password=PASSWORD)

for ss in service.saved_searches:
    print ss.name
    ss.disable()

View solution in original post

bollam
Path Finder

Hi @paramagurukarthikeyan, How do we enable/disable the saved search which contains the special character in it? I'm getting error while trying enable/disable saved search. Saved search I'm trying to disable is "Testing@#splunk". I'm able to create the saved search with this name but disable is not working. Can you help on this as well?

0 Karma

bollam
Path Finder

Any luck??

0 Karma

bollam
Path Finder

@ paramagurukarthikeyan, Thanks much!! Its working as expected.

0 Karma

paramagurukarth
Builder

Always Welcome

0 Karma

paramagurukarth
Builder

Please try below..

import splunklib.client as client

HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"

service = client.connect(
    host=HOST,
    port=PORT,
    username=USERNAME,
    password=PASSWORD)

for ss in service.saved_searches:
    print ss.name
    ss.disable()

cmerriman
Super Champion

do you mean turning on or off a schedule?

0 Karma

bollam
Path Finder

Yes, Exactly

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Hi @bollam,

Can you please try below python code for disabling saved search

import splunk.rest as rest
rest.simpleRequest('/servicesNS/<USER>/<APPNAME>/saved/searches/<YOURSEARCH>', sessionKey=sessionKey, postargs={'disabled': 1}, method='POST', raiseAllErrors=True)

And to enable it again

import splunk.rest as rest
rest.simpleRequest('/servicesNS/<USER>/<APPNAME>/saved/searches/<YOURSEARCH>', sessionKey=sessionKey, postargs={'disabled': 0}, method='POST', raiseAllErrors=True)
0 Karma

bollam
Path Finder

Hi @harsmarvania57 ,
I have written code snippet for a basic query validation. Upon successful validation, It should either create, delete, enable or disable the saved search I provide. It was working for creating and deleting the saved search but I'm finding hard to enable or disable the saved search using python SDK. Is there a way to disable or enable the saved search using python SDK?

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

What's your code snippet ? Have you tried code which I have given in my first comment ?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...