Getting Data In

Why am I receiving "Error in 'savedsearch' command" when exporting data using REST API?


I read the manual, nothing is working.

curl -s -S -ku admin:password https://IP:8089/servicesNS/-/-/search/jobs/export -d search="| savedsearch "Test Search""

This is not working.

I've URL encoded: | savedsearch "Test Search"
This way the double quotes dont get confused with curl command line.


So my curl command is:

curl -s -S -ku admin:password https://IP:8089/servicesNS/-/-/search/jobs/export -d search="%7c%20%73%61%76%65%64%73%65%61%72%63%68%20%22%54%65%73%74%20%53%65%61%72%63%68%22%20"

Why doesnt this work?

The saved search was created with an admin ldap user, it shows under a custom app (not search app).
The admin user has full admin access, yet I receive:

Error in 'savedsearch' command: Unable to find saved search named 'Test Search'

Thanks for your help!

0 Karma


Does "Test Search" have a global context?

If not, you'll need to specify the app context when accessing it.


0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!