Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you create saved search using REST API call?

sp04355
New Member
‎12-12-2018 04:16 PM

Works in curl:

curl -k -u admin:changeme http://localhost:8089/servicesNS/admin/search/saved/searches -d name=MySavedSearch --data-urlencode search="index=_internal source=*metrics.log"

The same call from Postman:

http://localhost:8089//servicesNS/admin/launcher/saved/searches?name="MySavedSearch"&search="index=_... source=*metrics.log"

< ERROR">Cannot perform action "POST" without a target name to act on.

What is the target name it complains about? I provided an application name as a target — not good enough?

0 Karma
Reply

paulstark2
Engager
‎02-09-2021 09:53 AM 
curl -k -u admin:changeme https://localhost:8089/services/saved/searches \
	-d name=firstApiTest \
	-d disabled=1 \
	-d owner=nobody \
	-d description=descritionText \
	-d search="index=main" \
	-d dispatch.index_earliest=-7d \
	-d dispatch.index_latestlatest=now
0 Karma
Reply

damode1
Path Finder
‎08-30-2023 10:12 PM

Is there a way to pass these values from a file?

	-d name=firstApiTest \
	-d disabled=1 \
	-d owner=nobody \
	-d description=descritionText \
	-d search="index=main" \
	-d dispatch.index_earliest=-7d \
	-d dispatch.index_latestlatest=now
0 Karma
Reply

whrg
Motivator
‎12-15-2018 07:49 AM

Hello @sp04355,

Do you know the distinction between GET and POST requests? If not, you should probably google it. One important difference is that GET parameters are sent as part of the URL whereas POST parameters are sent in the request body after the HTTP headers.

When you browse the REST API Reference Manual then you will see that there are many functions which depend on the type of the request (GET, POST, DELETE...). GET is usually for requesting data whereas POST is for making changes.

Your curl command above will run a POST request which looks like this:

POST /servicesNS/admin/search/saved/searches HTTP/1.1
Authorization: Basic ...
User-Agent: curl/...
Host: localhost
Accept: */*
Content-Length: 66
Content-Type: application/x-www-form-urlencoded

name=MySavedSearch&search=index%3D_internal%20source%3Dmetrics.log

Now I'm not familiar with Postman but from what I can see: You are explicitly putting the parameters in the URL instead of the request body. So you are sending a POST request without any valid parameters. That's why Splunk is complaining that it cannot find the "name=MySavedSearch" parameter.

So I advice to check the Postman documentation on how to send a POST request.

Side note 1: Why do you have "launcher" in the postman URL?
Side note 2: I'm surprised to see that you are using http instead of https.

0 Karma
Reply

sp04355
New Member
‎12-14-2018 10:00 AM

Should i add a stanza to the input.conf?
I have the same issue on create index as well.
Please, Splunk gurus? Anybody knows the answer?

0 Karma
Reply

gerrysr6
Explorer
‎07-10-2023 10:48 AM

what the heck is a stanza?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...