Splunk Dev

Not all of the saved searches are available while using SDK for Python version 1.6.14.

604531fecb
Observer

I have an issue with Splunk saved searches. When I'm using the Splunk web interface, I can see ALL of the saved searches in my web browser, edit them or run. But when I'm using Splunk SDK, I can't get some of the freshly created reports. I have about 70 saved search queries right now and 60 of them are working properly. But the remaining 10 are not visible at all from SDK. I am running SDK version 1.6.14 and my saved searches run under admin user. I have also tried to run a sample script that outputs all of the saved searches: https://github.com/splunk/splunk-sdk-python/blob/master/examples/saved_searches.py and it shows me a really big output with about 69k lines in which I don't see my new 10 saved searches.

Any tips?

Labels (3)
Tags (1)
0 Karma

thambisetty
SplunkTrust
SplunkTrust

You mentioned that saved searches created with admin users. Did you use same admin user in sdk for authentication? If you don’t see some of the saved searches, the reason could be the user you used doesn’t have permission. I am just thinking.

 

————————————
If this helps, give a like below.
0 Karma

604531fecb
Observer

No, this saved search queries have been created by a regular user. And I'm running Splunk SDK for python with admin user credentials. I think that admin has maximum possible permissions

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...