Getting Data In

What is the endpoint I can use for the saved search using the API?

arunsoni
Explorer

I have a saved search in Splunk. What is the exact URL I need to give to the other team so they can access the saved search along with the result?

The saved search runs every 30 minutes and returns the count. The other application uses the REST API to get the count and stores it in their database every 30 minutes.

E.g., the saved search name is arunsbadmin.

What is the URL that I can give to the application team, and which method should be used (POST or GET)?

lwest_splunk
Splunk Employee

I found a resource that may be helpful to you in regards to your question:

Video Tutorial by Karen Hodges
https://www.splunk.com/view/SP-CAAAGYH

As well, I found the following documentation if having a readable chunk of text is a better format for you:

From what I have found, it appears the general steps are as follows -

  1. Navigate to the Searches and reports page in your app in Splunk Manager.

  2. Locate your saved search in the list view and click the Permissions link next to it.

  3. Click the box to Share saved search. This moves the search from your user directory to the app's directory.

  4. Optionally set read/write permissions for users in the access control list. Make sure everyone who will be using your dashboard has read permission for any searches shared in that dashboard.

It may also help to have a look at this documentation on Managing Knowledge Objects to see additional info that may relate depending on your specific needs:

http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/CurateSplunkknowledgewithManager#Make_a...

I hope this helps!

0 Karma

arunsoni
Explorer

I think you got the question the wrong way.

I have a saved search which runs every 30 minutes and gets the count value. I need this value to be taken by another application. To get the value to the other application we are using a REST call. I need to know what URL should be given to the application team for the REST call.

E.g.: https://localhost:8089//services/saved/searches -- just an example, but I need the exact URL which should be given for the saved search. The saved search name is arunsbadmin. Please write the URL based on the saved search name.

0 Karma

lwest_splunk
Splunk Employee

Ah! My apologies! I did misunderstand. Doing a bit more digging around, I was able to find another question similar to this, that had the following information:

Please try:

curl --silent -k -u ':' https://localhost:8089/servicesNS/admin/search/search/jobs/export -d search=" savedsearch "

You can also use the following if you would like the results in CSV format:

curl --silent -k -u ':' 'https://localhost:8089/servicesNS/admin/search/search/jobs/export?output_mode=csv' -d search=" savedsearch "

Does this meet your need a bit better?

0 Karma
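
The export call from the answer above, as an added example that is not part of the thread or Splunk's own code: it builds the POST for the saved search named in the question and reads the count from the response, with certificate verification on instead of `-k`. Assumptions: token authentication with a Bearer header instead of `-u`, one JSON object per line in the `output_mode=json` export output, a result field named `count`, and the hypothetical function names and `ca_file` parameter.

```python
import json
import re
import ssl
import urllib.parse
import urllib.request

BASE = "https://localhost:8089"  # management port, as in the thread
EXPORT_PATH = "/servicesNS/admin/search/search/jobs/export"  # path from the answer

def build_export_request(saved_search, token, base=BASE):
    """Build the POST that runs `| savedsearch <name>` and asks for JSON output."""
    # Restrict the name so a caller-supplied value cannot append extra SPL.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", saved_search):
        raise ValueError("unexpected character in saved search name")
    body = urllib.parse.urlencode(
        {"search": f"| savedsearch {saved_search}", "output_mode": "json"}
    ).encode()
    req = urllib.request.Request(base + EXPORT_PATH, data=body, method="POST")
    # Assumption: a Splunk authentication token replaces curl's -u user:password.
    req.add_header("Authorization", f"Bearer {token}")
    return req

def parse_count(export_body, field="count"):
    """Return `field` from the last non-preview row of the export output."""
    value = None
    for line in export_body.splitlines():
        if not line.strip():
            continue
        row = json.loads(line)
        if row.get("preview") or field not in row.get("result", {}):
            continue
        value = int(row["result"][field])
    if value is None:
        raise LookupError(f"no {field!r} field in export output")
    return value

def fetch_count(saved_search, token, ca_file):
    """Network call; the server certificate is verified (no curl -k equivalent)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = build_export_request(saved_search, token)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return parse_count(resp.read().decode())

# Constructed sample of export output (assumed shape: one JSON object per line).
SAMPLE = (
    '{"preview":true,"offset":0,"result":{"count":"17"}}\n'
    '{"preview":false,"offset":0,"lastrow":true,"result":{"count":"42"}}\n'
)
```

`fetch_count("arunsbadmin", token, ca_file)` is the only function that touches the network; the other two can be exercised offline against `SAMPLE`.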

arunsoni
Explorer

I need to use it using the UI? What you stated above uses CLI mode.
Please post the URL to be used from the UI page. Thanks

0 Karma