Other Usage

ITWhisperer
SplunkTrust
SplunkTrust

Saved searches ids are in the following format:

owner:app:title

You can load the results with 

| loadjob savedsearch="owner:app:title"

isoutamo
SplunkTrust
SplunkTrust

If/when you are running this on SHC, you should remember this:

A search head cluster can run the loadjob command only on scheduled saved searches. A search head cluster runs searches on results or artifacts that the search head cluster replicates.

r. Ismo

SplunkDash
Motivator

Hello,

Thank you so much for your quick response, truly appreciate it.

The main objective here is to export this report result to third party server using API. My plan is to pull the report results and store it in one of our servers using API and send that result from there to third party server using another API call. Do you have any recommendations how I can proceed or can make API call to get/pull that report  to our server?

Tags (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Probably calling this search via REST API is the easiest way to get report from splunk to your another server/service. You could read from here how it can do.

Based on your security requirements, it's best to create a separate service user just for this with as restricted access right as possible.

SplunkDash
Motivator

Hello @isoutamo,

Thank you so much again:

if this is the link I need use

https://<host>:<mPort>/services/search/jobs/{search_id}

 What is the {search_id} , and how I can get that?

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...