Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Getting Data In
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Does anyone know how to convert a savedsearch requ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmugglet
Communicator
12-01-2014
07:12 PM
Does anyone know how to convert this savedsearch request to a REST endpoint request?
|savedsearch mysearch replace_me="value"
I can run a normal savedsearch "apm_cvc_qtr_bh_test" using curl in the app apm_snpm
curl -k -u svc_user_bob:password https://localhost:8089/servicesNS/svc_user_bob/apm_snpm/saved/searches/apm_cvc_qtr_bh_test/dispatch -d trigger_actions=1
but i don't know how to pass the replace_me key and value
Any ideas?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmugglet
Communicator
12-02-2014
04:02 PM
For the rest call
curl -k u user:password https://blah.local:8089/servicesNS/svc_usr_bob/apm_snpm/saved/searches/apm_cvc_qtr_bh_test/dispatch -d trigger_actions=1 -d args.startDate="-3d" -d args.endDate="-0d"
in the saved search
eventtype=service-CombinedForwardingPlaneQueueGroupServiceIngressLogRecord earliest=$args.startDate$ latest=$args.endDate$
I should work for the NSA after decrypting the Splunk doco
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmugglet
Communicator
12-02-2014
04:02 PM
For the rest call
curl -k u user:password https://blah.local:8089/servicesNS/svc_usr_bob/apm_snpm/saved/searches/apm_cvc_qtr_bh_test/dispatch -d trigger_actions=1 -d args.startDate="-3d" -d args.endDate="-0d"
in the saved search
eventtype=service-CombinedForwardingPlaneQueueGroupServiceIngressLogRecord earliest=$args.startDate$ latest=$args.endDate$
I should work for the NSA after decrypting the Splunk doco
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
12-02-2014
01:33 PM
See this example
http://answers.splunk.com/answers/8945/how-to-start-a-saved-search-using-rest-api.html
you can just give your "|savedsearch" command as search query in curl.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmugglet
Communicator
12-02-2014
04:01 PM
Thanks, but I couldn't see in there how to pass the values for a template search...
Get Updates on the Splunk Community!
Data Management Digest – December 2025
Welcome to the December edition of Data Management Digest!
As we continue our journey of data innovation, the ...
Index This | What is broken 80% of the time by February?
December 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...
Hello Splunk Community,
We're thrilled to share an exciting update that will help you manage your data more ...
