Getting Data In

How do I use the Splunk REST API to update macros that live under a different app?

starbuck
New Member

Hiya, I'm trying to use the Splunk REST API to update macros that I've recently had to move to live under a different app that isn't the default `search` app.

Before when the macro lived in the `search` app I was able to make a POST request to

```
/servicesNS/<account>/search/admin/macros/<macroName>
```

And this worked:

```python
elif search_or_macro == 'macros':
    url = '<ROOT>/servicesNS/<ACCOUNT>/search/admin/macros/{}'.format(macro_name)
    res = requests.post(url, headers=headers, data={'definition': r'{}'.format(macro_definition)})
```

However once I moved the macros to live under a new app, let's call it `my_new_app`, POST requests no longer work to update the macro. This is what I have currently:

```python
elif search_or_macro == 'macros':
  url = '<ROOT>/servicesNS/nobody/my_new_app/admin/macros/{}'.format(macro_name)
  res = requests.post(url, headers=headers, data={'definition': r'{}'.format(macro_definition)})
```

I have tried replacing `nobody` with:

  • admin
  • the account that owns the macro

However neither of these work.

I used the following Splunk command to verify that the endpoint does seem to exist:

```
| rest /servicesNS/<ACCOUNT>/my_new_app/admin/macros/<MACRO NAME>
| search author=<ACCOUNT>
```

And when I run that I get the following `id`:

```
https://127.0.0.1:8089/servicesNS/nobody/my_new_app/admin/macros/<MACRO NAME>
```

I have also read through the REST API documentation here:

However none of these explicitly describe how to update macros, and all I can seem to find when googling are old posts from 2015-2019 that weren't applicable to what I am trying to achieve.

Any help here would greatly be appreciated, I feel like I'm missing something simple but can't find further documentation that applies to macros.

0 Karma

deepakc
Contributor

Check some of the app permissions settings using the below, this may help troubleshoot - it sounds like a permissions issue.

```
| rest splunk_server=local servicesNS/nobody/search/configs/conf-macros
| search eai:acl.app=my_new_app
```
0 Karma
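
The permissions check suggested in the reply above can also be run from the Python side. This is an added example, not code from either poster: it reads the `acl` block of a macro entry fetched with `output_mode=json`, derives the owner segment of the `servicesNS` path from the sharing level, and lists what would block a write. The helper name `plan_macro_update` and the sample reply are constructed for illustration, and the handling of a missing `perms` value is an assumption.

```python
import json
from urllib.parse import quote

# Constructed sample: shape of a Splunk REST reply (output_mode=json) for one
# macro entry. All values are made up for illustration.
SAMPLE_REPLY = json.dumps({
    "entry": [{
        "name": "my_macro",
        "acl": {
            "app": "my_new_app",
            "owner": "some_user",
            "sharing": "app",
            "can_write": False,
            "perms": {"read": ["*"], "write": ["admin"]},
        },
        "content": {"definition": "index=main"},
    }]
})


def plan_macro_update(reply_text, caller_roles):
    """Hypothetical helper: derive the update path and list write blockers."""
    entry = json.loads(reply_text)["entry"][0]
    acl = entry["acl"]
    # Objects shared at app or global level are addressed with owner "nobody";
    # only private objects (sharing == "user") sit under the owner's name.
    owner = acl["owner"] if acl["sharing"] == "user" else "nobody"
    path = "/servicesNS/{}/{}/admin/macros/{}".format(
        quote(owner, safe=""), quote(acl["app"], safe=""),
        quote(entry["name"], safe=""))
    problems = []
    # can_write reflects the account whose credentials fetched the entry.
    if not acl.get("can_write", False):
        problems.append("can_write is false for the authenticated account")
    # Assumption: perms may be missing or null; check roles only when it is set.
    perms = acl.get("perms") or {}
    write_roles = set(perms.get("write", []))
    if perms and "*" not in write_roles and not write_roles & set(caller_roles):
        problems.append("no caller role in perms.write {}".format(sorted(write_roles)))
    return {"path": path, "writable": not problems, "problems": problems}


if __name__ == "__main__":
    print(plan_macro_update(SAMPLE_REPLY, ["user", "power"]))
```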