REST API search issue in Postman

Getting Data In

I have the Authorization figured working, but every time I run a search, I get the following error:
(NOTE the AAA/BBB/nnn stuff is just to mask actual values in this post)

<messages>
        <msg type="DEBUG">Configuration initialization for /var/splunkhot/splunk/etc took 112ms when dispatching a search (search ID: 1556216662.24755_33CF52FC-F282-491A-875E-F8EC1EB01F4C)</msg>
        <msg type="DEBUG">Invalid eval expression for 'EVAL-url_length' in stanza [pan:threat]: The expression is malformed. Expected LIKE.</msg>
        <msg type="DEBUG">base lispy: [ AND host::AAAAAAA source::/app/jboss/BBBBBB/log/server.log ]</msg>
        <msg type="DEBUG">search context: user="nnnnnnn", app="search", bs-pathname="/var/splunkhot/splunk/etc"</msg>
    </messages>

The actual search I have in the body of the POST is:

search=search+host%3DAAAAAAA+source%3D%2Fapp%2Fjboss%2BBBBBB%2Flog%2Fserver.log+%7C+search+ERROR+earliest%3D-4h

I've even done just a SIMPLE search:

search=search+host%3DAAAAAAA

and I STILL get an error.

Any ideas what the issue is??

Get Updates on the Splunk Community!

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Are you a member of the Splunk Community?