Here are some old answers and other examples/instructions on how to use it:
- https://community.splunk.com/t5/Getting-Data-In/REST-API-endpoints-for-saved-searches/m-p/355507
- https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch#saved.2Fsearches
- https://community.splunk.com/t5/Splunk-Search/How-to-execute-a-saved-search-using-Splunk-s-REST-API/...
- https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/howtousesplunkpython/howtowork/#To...
- https://community.splunk.com/t5/Reporting/How-to-start-a-saved-search-using-REST-API/m-p/88026
- https://hurricanelabs.com/splunk-tutorials/splunk-searching-with-rest-api/
- https://stackoverflow.com/questions/70541196/http-get-method-for-splunk-saved-search-using-access-to...
Saved search IDs are in the following format:
owner:app:title
You can load the results with
| loadjob savedsearch="owner:app:title"
If/when you are running this on SHC, you should remember this:
A search head cluster can run the loadjob command only on scheduled saved searches. A search head cluster runs searches on results or artifacts that the search head cluster replicates.
r. Ismo
Hello,
Thank you so much for your quick response, truly appreciate it.
The main objective here is to export this report result to a third-party server using an API. My plan is to pull the report results and store them on one of our servers using an API, and send that result from there to the third-party server using another API call. Do you have any recommendations on how I can proceed or make an API call to get/pull that report to our server?
Probably calling this search via the REST API is the easiest way to get the report from Splunk to your other server/service. You can read here how it can be done.
Based on your security requirements, it's best to create a separate service user just for this, with access rights as restricted as possible.
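
As an added example (not part of the original thread), this sketch pulls a saved search's results over the Splunk REST API using an authentication token issued to the dedicated, restricted service user recommended above. The host name, saved search id and token are placeholders, and treating only the first two colons of `owner:app:title` as separators is an assumption of this example.

```python
import json
import time
import urllib.parse
import urllib.request

def parse_saved_search_id(ssid):
    """Split 'owner:app:title'; assumption: only the first two colons separate fields."""
    owner, app, title = ssid.split(":", 2)
    if not (owner and app and title):
        raise ValueError("expected owner:app:title")
    return owner, app, title

def http_call(method, url, token, data=None):
    """Default transport: urllib keeps TLS certificate verification enabled."""
    body = urllib.parse.urlencode(data).encode() if data else None
    req = urllib.request.Request(url, data=body, method=method,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def export_saved_search(base, ssid, token, call=http_call, poll=2.0, max_polls=150):
    """Dispatch the saved search, wait for the job, return its result rows."""
    if not base.startswith("https://"):
        raise ValueError("refusing to send the token over a non-TLS URL")
    # Percent-encode every path segment so report names cannot alter the URL path.
    owner, app, title = (urllib.parse.quote(p, safe="")
                         for p in parse_saved_search_id(ssid))
    dispatch = f"{base}/servicesNS/{owner}/{app}/saved/searches/{title}/dispatch"
    sid = call("POST", dispatch, token, {"output_mode": "json"})["sid"]
    job = f"{base}/services/search/jobs/{urllib.parse.quote(sid, safe='')}"
    for _ in range(max_polls):
        content = call("GET", job + "?output_mode=json", token)["entry"][0]["content"]
        if content.get("isFailed"):
            raise RuntimeError(f"search job {sid} failed")
        if content.get("isDone"):
            break
        time.sleep(poll)
    else:
        raise TimeoutError(f"search job {sid} did not finish")
    # count=0 asks for all rows instead of the default first page.
    return call("GET", job + "/results?output_mode=json&count=0", token)["results"]

if __name__ == "__main__":
    # Constructed values: host, saved search id and token are placeholders.
    rows = export_saved_search("https://splunk.example.com:8089",
                               "svc_export:search:Weekly Report", "<token>")
    print(json.dumps(rows, indent=2))
```

Keep the token out of source control and give the service user read access only to the app and report it has to export.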