Other Usage

ITWhisperer
SplunkTrust
SplunkTrust

Saved searches ids are in the following format:

owner:app:title

You can load the results with 

| loadjob savedsearch="owner:app:title"

isoutamo
SplunkTrust
SplunkTrust

If/when you are running this on SHC, you should remember this:

A search head cluster can run the loadjob command only on scheduled saved searches. A search head cluster runs searches on results or artifacts that the search head cluster replicates.

r. Ismo

SplunkDash
Motivator

Hello,

Thank you so much for your quick response, truly appreciate it.

The main objective here is to export this report result to third party server using API. My plan is to pull the report results and store it in one of our servers using API and send that result from there to third party server using another API call. Do you have any recommendations how I can proceed or can make API call to get/pull that report  to our server?

Tags (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Probably calling this search via REST API is the easiest way to get report from splunk to your another server/service. You could read from here how it can do.

Based on your security requirements, it's best to create a separate service user just for this with as restricted access right as possible.

SplunkDash
Motivator

Hello @isoutamo,

Thank you so much again:

if this is the link I need use

https://<host>:<mPort>/services/search/jobs/{search_id}

 What is the {search_id} , and how I can get that?

Tags (1)
0 Karma
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...