Solved: Can I use a REST API command to reschedule the sav...

sbbadri · ‎07-01-2015

How to use POST REST Command in the search to reschedule the saved search scheduled time.

for e.g saved search xxx is scheduled to execute by 2015-07-01 15:30:00. I need to schedule it to 2015-07-01 15:35:00 using

saved/searches/{name}/reschedule POST rest API.

Query:

| rest /services/saved/searches/AlertFired/reschedule POST -d schedule_time=2015-07-1T15:21:00Z

I have tried the above query and got the below error,

Error in 'rest' command: Invalid argument: 'POST'
The search job has failed due to an error. You may be able view the job in the Job Inspector.

Regards,
Badri Srinivas B

martin_mueller · ‎07-01-2015

The rest search command will only do GET requests.

http://docs.splunk.com/Documentation/Splunk/6.2.3/SearchReference/Rest

View solution in original post

vcarbona · ‎07-03-2015

it is possible to reschedule using one of the SDKs. I'm doing this currently for any skipped searches using the Python SDK. The SDK uses REST to accomplish this. It is also possible to do POST requests via REST when using the "curl" command without necessarily using the SDK.

martin_mueller · ‎07-01-2015

The rest search command will only do GET requests.

http://docs.splunk.com/Documentation/Splunk/6.2.3/SearchReference/Rest

sbbadri · ‎07-02-2015

Thanks Martin

Can I use a REST API command to reschedule the saved searches

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann