Here is some old answers and other examples/instructions how to use it
Saved searches ids are in the following format:
owner:app:title
You can load the results with
| loadjob savedsearch="owner:app:title"
If/when you are running this on SHC, you should remember this:
A search head cluster can run the loadjob command only on scheduled saved searches. A search head cluster runs searches on results or artifacts that the search head cluster replicates.
r. Ismo
Hello,
Thank you so much for your quick response, truly appreciate it.
The main objective here is to export this report result to third party server using API. My plan is to pull the report results and store it in one of our servers using API and send that result from there to third party server using another API call. Do you have any recommendations how I can proceed or can make API call to get/pull that report to our server?
Probably calling this search via REST API is the easiest way to get report from splunk to your another server/service. You could read from here how it can do.
Based on your security requirements, it's best to create a separate service user just for this with as restricted access right as possible.
Here is some old answers and other examples/instructions how to use it