Solved: Re: Is there a way to only get the response with "...

Kukkadapu · ‎11-08-2017

HI , When I try to get the status of the search_id using the REST endpoint "search/jobs/{search_id}: ", I see a lot of information in the response. Is there a way to only get the response to check the status of the job i.e. the field - "isDone" (without all the other information)

cmerriman · ‎11-08-2017

as far as i know, you just add something like |where isDone=1 to filter if the job is done or not. Otherwise you do a |fields isDone otherFields to only show fields you're interested in. I don't believe you can do this all in the rest command.

View solution in original post

cmerriman · ‎11-08-2017

as far as i know, you just add something like |where isDone=1 to filter if the job is done or not. Otherwise you do a |fields isDone otherFields to only show fields you're interested in. I don't believe you can do this all in the rest command.

Kukkadapu · ‎11-08-2017

Thanks for the reply cmerriman. We are calling the endpoint from the Java based app and is there any way to get only isDone instead of the whole payload?

Is there a way to only get the response with "isDone" using the REST endpoint "search/jobs/{search_id}:"?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?