Developing for Splunk Enterprise
Highlighted

When trying to filter the endpoint, why replacing the user and app fields don't seem to effect the result at all?

Path Finder

Using Python to access the rest api, servicesns/{user}/{app}/saved/searches endpoint does not filter by app or user
When trying to filter this endpoint, replacing the user and app fields don't seem to effect the result at all. Is there something I'm missing? I'm using the requests library in Python 3.

0 Karma

Re: When trying to filter the endpoint, why replacing the user and app fields don't seem to effect the result at all?

Path Finder

Looks like the issue is that the endpoint doesn't look for what app the searches are associated with, it looks at the permissions on the searches. I've been getting the searches that are associated with the app as well as the ones that are shared globally. The workaround is to parse the search["acl"]["app"] property.

View solution in original post