Retrieving saved search data using the REST API an...

sdaruna · ‎12-18-2015

Hi,

I am trying to receive saved search data using REST API and showing the results in csv format. Is there a way that I can change the delimiter to pipe instead of comma?

The command I used to fetch the data is:

curl -k -u <user>:<pass> -d "search=savedsearch saved_search1" https://<splunk_host>:8089/services/search/jobs/export -d output_mode=csv

I'm getting the data in comma separated format. Now, is there a way that I can specify the delimiter?

Thank You,
Regards,
Srini

jkat54 · ‎12-20-2015

To change the default "list separator" used in CSV, you must change your date/time/system settings to use pipes instead of commas. Here's how you do it in windows. You'll need to change this on the server running splunk as far as I know, but you may have to do so on your computer as well.

Retrieving saved search data using the REST API and showing results in CSV format, is there a way to specify pipe as the delimiter?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation