Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

REST query for saved searches only returns owner="nobody" results

the4tress
Engager
‎07-31-2014 12:29 PM

I am trying to build an application that leverages our Splunk Enterprise
setup using Python. I want to get a list of all saved searches (reports),
then get a list of the results of those searches. When I connect to Splunk
via the API and query for saved searches it only returns searches owned by
"nobody", but when I view the searches in the Web UI I see all the searches
saved by everybody.

How can I view the searches saved by everybody, or even a specific user?

Here is a very basic version of what I'm trying to do:

import splunklib.client as client
import splunklib.results as results

CONNECT_DICT = {
    'username': removed,
    'password': removed,
    'host': removed,
    'port': removed
}

service = client.connect(**CONNECT_DICT)

saved_searches = service.saved_searches

for saved_search in saved_searches:
    print "%s: %s" % (saved_search.name, saved_search['search'])

Thanks for any info.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

strive
Influencer
‎07-31-2014 01:04 PM

By default the API returns the saved searches present in current namespace. See this link http://dev.splunk.com/view/python-sdk/SP-CAAAEK2#listsaved the section "To list saved searches" will help you to retrieve what you need. You should create a separate service class.

for overview on namespaces read this. http://dev.splunk.com/view/python-sdk/SP-CAAAEBB#namespaces

View solution in original post

Reply
Solved! Jump to solution
Solution

strive
Influencer
‎07-31-2014 01:04 PM

By default the API returns the saved searches present in current namespace. See this link http://dev.splunk.com/view/python-sdk/SP-CAAAEK2#listsaved the section "To list saved searches" will help you to retrieve what you need. You should create a separate service class.

for overview on namespaces read this. http://dev.splunk.com/view/python-sdk/SP-CAAAEBB#namespaces

Reply
Solved! Jump to solution

the4tress
Engager
‎08-04-2014 06:26 AM

Thanks @strive. That got me one step closer. I'm having permissions issues on my service account now. It doesn't have permission to access other user's saved searches.

I posted the question here: http://answers.splunk.com/answers/149067/permissions-issue-access-saved-searches

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...