Lets say if i do not search for the data using the splunk search then can i edit the data directly from the splunk server using the Splunk's REST api?
Edit as in change data that is already in Splunk's index? No. Once data is indexed, there is no (easy) way of altering it.
Nothing i just want to know if there is such thing as updating the indexed data since i don't see any documentation on that on this Splunk website.
Could you tell us a bit more about what you're trying to achieve?
When you search in Splunk - regardless of which method you're using - you're getting your results from Splunk's index, yes.
Normally when log file data is sent to splunk, splunk indexes the file data right? When you search for the result using Splunk's REST API, the result normally returns indexed data right? Am i right in both statements i made?
OK. In that case the answer is no.
Yes. That is what mean. Edit as in change data that is already in Splunk's index.
