Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I receiving "Error in 'savedsearch' command" when exporting data using REST API?

BP9906
Builder
‎01-11-2017 01:00 PM

http://docs.splunk.com/Documentation/Splunk/6.4.5/Search/ExportdatausingRESTAPI

I read the manual, nothing is working.


curl -s -S -ku admin:password https://IP:8089/servicesNS/-/-/search/jobs/export -d search="| savedsearch "Test Search""

This is not working.

I've URL encoded: | savedsearch "Test Search"
This way the double quotes dont get confused with curl command line.

%7c%20%73%61%76%65%64%73%65%61%72%63%68%20%22%54%65%73%74%20%53%65%61%72%63%68%22%20

So my curl command is:

curl -s -S -ku admin:password https://IP:8089/servicesNS/-/-/search/jobs/export -d search="%7c%20%73%61%76%65%64%73%65%61%72%63%68%20%22%54%65%73%74%20%53%65%61%72%63%68%22%20"

Why doesnt this work?

The saved search was created with an admin ldap user, it shows under a custom app (not search app).
The admin user has full admin access, yet I receive:

Error in 'savedsearch' command: Unable to find saved search named 'Test Search'

Thanks for your help!

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎01-11-2017 06:09 PM

Does "Test Search" have a global context?

If not, you'll need to specify the app context when accessing it.

https://localhost:8089/servicesNS/admin/yourApp/search/jobs/export

0 Karma
Reply
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Get Updates on the Splunk Community!