Re: Error on Overview Pane - Failed to fetch REST ...

yarick · ‎01-03-2019

REST Processor: Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/alerts/correlationsearches?count=0 from server https://127.0.0.1:8089. Check that the URI path provided exists in the REST API.
Unexpected status for to fetch REST endpoint uri=https://127.0.0.1:8089/services/alerts/correlationsearches?count=0 from server=https://127.0.0.1:8089 - Not Found

zamkov · ‎01-03-2019

You can edit savedsearch panel and change the REST Endpoint to the updated version
From:
/services/alerts/correlationsearches
To:
/services/saved/searches

REF. https://answers.splunk.comn/answers/239437/how-to-get-a-complete-list-with-descriptions-of-co.html
REF. https://docs.splunk.com/Documentation/ESHealthCheck/1.0.0/UserGuide/Releasenotes

2017-05-10 SOLNESS-12056, SOLNESS-12106 On instances running Splunk Enterprise Security 4.6.0 or later, the Get Enabled Correlation Searches panel does not show results.
Workaround:
Replace the search with the following syntax: | rest splunk_server=local count=0 /services/saved/searches | search action.correlationsearch.enabled = 1 | stats count as total, count(eval(disabled=0)) as enabled | eval op = enabled . "/" . total | fields op

yarick · ‎01-03-2019

Perfect, thanks!

Error on Overview Pane - Failed to fetch REST endpoint

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio