Hi,
From the [post][1] , I learned that we can use following to refresh savedsearches.conf.
splunk _internal call /servicesNS/admin/search/admin/savedsearch/_reload -auth username
My doubt here is that will it refresh savedsearches.conf for just for
1. user=admin and app=search OR
2. user=all and app=search OR
3. user=all and app=all
[1]: http://answers.splunk.com/answers/8696/how-to-reload-global-savedsearches
Hi somesoni2,
just today I saw your question and did read some docs only minutes before, so here is the answer:
When you're using the Splunk REST API for namespace (/servicesNS/*) endpoints, you must ensure that you specify the correct user/app context for the endpoint:
https://<Splunk server>:<management port>/servicesNS/<user>/<app>/*
For shared application resources, specify nobody for <user>
.
To specify all users or all apps, use the wildcard, '-'. For example: .../servicesNS/-/-/saved/searches. When using a wildcard for all users, this includes shared application resources accessible by all users.
So, in your example and based on the docs, you are reloading for user=admin
and app=search
.
hope this helps ...
cheers, MuS
Hi somesoni2,
just today I saw your question and did read some docs only minutes before, so here is the answer:
When you're using the Splunk REST API for namespace (/servicesNS/*) endpoints, you must ensure that you specify the correct user/app context for the endpoint:
https://<Splunk server>:<management port>/servicesNS/<user>/<app>/*
For shared application resources, specify nobody for <user>
.
To specify all users or all apps, use the wildcard, '-'. For example: .../servicesNS/-/-/saved/searches. When using a wildcard for all users, this includes shared application resources accessible by all users.
So, in your example and based on the docs, you are reloading for user=admin
and app=search
.
hope this helps ...
cheers, MuS
Thanks MuS, this clarifies my doubt.