Solved: Is there a way to only get the response with "isDo...

Kukkadapu · ‎11-08-2017

HI , When I try to get the status of the search_id using the REST endpoint "search/jobs/{search_id}: ", I see a lot of information in the response. Is there a way to only get the response to check the status of the job i.e. the field - "isDone" (without all the other information)

cmerriman · ‎11-08-2017

as far as i know, you just add something like |where isDone=1 to filter if the job is done or not. Otherwise you do a |fields isDone otherFields to only show fields you're interested in. I don't believe you can do this all in the rest command.

View solution in original post

cmerriman · ‎11-08-2017

as far as i know, you just add something like |where isDone=1 to filter if the job is done or not. Otherwise you do a |fields isDone otherFields to only show fields you're interested in. I don't believe you can do this all in the rest command.

Kukkadapu · ‎11-08-2017

Thanks for the reply cmerriman. We are calling the endpoint from the Java based app and is there any way to get only isDone instead of the whole payload?

Is there a way to only get the response with "isDone" using the REST endpoint "search/jobs/{search_id}:"?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Is there a way to only get the response with "isDone" using the REST endpoint "search/jobs/{search_id}:"?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!