Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the endpoint I can use for the saved search using API ?

arunsoni
Explorer
‎09-18-2018 01:47 PM

I have a saved search in Splunk. What is the exact URL I need to give to the other team so they can access the saved search along with the result?

The saved search runs for every 30mins and returns the count. So the other application is using REST API to get the count and store in there database for every 30mins.

eg : saved search name is arunsbadmin

what could be the url that I can give to the application team and what is the method to be used(POST or GET) ?

Reply

lwest_splunk
Splunk Employee
Splunk Employee
‎09-19-2018 12:46 PM

I found a resource that may be helpful to you in regards to your question:

Video Tutorial by Karen Hodges
https://www.splunk.com/view/SP-CAAAGYH

As well, I found the following documentation if having a readable chunk of text is a better format for you:

From what I have found, it appears the general steps are as follows -

  1. Navigate to the Searches and reports page in your app in Splunk Manager.

  2. Locate your saved search in the list view and click the Permissions link next to it.

  3. Click the box to Share saved search. This moves the search from your user directory to the app's directory.

  4. Optionally set read/write permissions for users in the access control list. Make sure everyone who will be using your dashboard has read permission for any searches shared in that dashboard.

It may also help to have a look at this documentation on Managing Knowledge Objects to see additional info that may relate depending on your specific needs:

http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/CurateSplunkknowledgewithManager#Make_a...

I hope this helps!

0 Karma
Reply

arunsoni
Explorer
‎09-19-2018 01:11 PM

I think you got the question in wrong way.

I have a saved search which runs every 30 mins and get the count value. I need this value to be take by other application. To have the value to other application we are using rest call. I need what could be the url need to given to application team for the rest call

eg : https://localhost:8089//services/saved/searches -- just example but i need the exact URL which should be give for
saved search name is --- arunsbadmin -- please write the url based on the saved search name

0 Karma
Reply

lwest_splunk
Splunk Employee
Splunk Employee
‎09-19-2018 01:28 PM

Ah! My apologies! I did misunderstand. Doing a bit more digging around, I was able to find another question similar to this, that had the following information:

Please try:

curl --silent -k -u ':' https://localhost:8089/servicesNS/admin/search/search/jobs/export -d search=" savedsearch "

You can also use the following if you would like the results in CSV format:

curl --silent -k -u ':' https://localhost:8089/servicesNS/admin/search/search/jobs/export?output_mode=csv -d search=" savedsearch "

Does this meet your need a bit better?

0 Karma
Reply

arunsoni
Explorer
‎09-20-2018 08:01 AM

I need to use it using UI ? The above which you stated is using CLI mode.
Please post me the url to be used using the UI Page . Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...