Other Usage
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How would I get report ID or ID for the saved/schedule search?

SplunkDash
Motivator
‎05-27-2023 06:39 PM

Hello,

How would I get report ID or ID for the saved/schedule search? Thank you!

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-28-2023 12:30 AM

Saved searches ids are in the following format:

owner:app:title

You can load the results with 

| loadjob savedsearch="owner:app:title"
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎05-28-2023 06:49 AM

If/when you are running this on SHC, you should remember this:

A search head cluster can run the loadjob command only on scheduled saved searches. A search head cluster runs searches on results or artifacts that the search head cluster replicates.

r. Ismo

Reply
Solved! Jump to solution

SplunkDash
Motivator
‎05-28-2023 07:07 AM

Hello,

Thank you so much for your quick response, truly appreciate it.

The main objective here is to export this report result to third party server using API. My plan is to pull the report results and store it in one of our servers using API and send that result from there to third party server using another API call. Do you have any recommendations how I can proceed or can make API call to get/pull that report  to our server?

Tags (1)
0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎05-28-2023 07:15 AM

Probably calling this search via REST API is the easiest way to get report from splunk to your another server/service. You could read from here how it can do.

Based on your security requirements, it's best to create a separate service user just for this with as restricted access right as possible.

Reply
Solved! Jump to solution

SplunkDash
Motivator
‎05-28-2023 07:32 AM

Hello @isoutamo,

Thank you so much again:

if this is the link I need use

https://<host>:<mPort>/services/search/jobs/{search_id}

 What is the {search_id} , and how I can get that?

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

The Splunk Community Dashboard Challenge is still happening, and it's not too late to enter for the week of ...

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...