Other Usage

ITWhisperer
SplunkTrust
SplunkTrust

Saved searches ids are in the following format:

owner:app:title

You can load the results with 

| loadjob savedsearch="owner:app:title"

isoutamo
SplunkTrust
SplunkTrust

If/when you are running this on SHC, you should remember this:

A search head cluster can run the loadjob command only on scheduled saved searches. A search head cluster runs searches on results or artifacts that the search head cluster replicates.

r. Ismo

SplunkDash
Motivator

Hello,

Thank you so much for your quick response, truly appreciate it.

The main objective here is to export this report result to third party server using API. My plan is to pull the report results and store it in one of our servers using API and send that result from there to third party server using another API call. Do you have any recommendations how I can proceed or can make API call to get/pull that report  to our server?

Tags (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Probably calling this search via REST API is the easiest way to get report from splunk to your another server/service. You could read from here how it can do.

Based on your security requirements, it's best to create a separate service user just for this with as restricted access right as possible.

SplunkDash
Motivator

Hello @isoutamo,

Thank you so much again:

if this is the link I need use

https://<host>:<mPort>/services/search/jobs/{search_id}

 What is the {search_id} , and how I can get that?

Tags (1)
0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...