Other Usage
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk REST API query (possible issue with URL encoding)

tomapatan
Contributor
‎04-06-2023 01:28 AM

Hi Everyone,

I`m learning about the Splunk REST API and I`m experiencing some temperamental behaviour, for example I can fetch results using the query listed below from some reports, but it fails for others, example below:

 

curl -k -H "Authorization: Splunk myValidToken" https://myValidDomainName.splunkcloud.com:8089/services/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/acl

 

 Response:

 

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">Could not find object id=[LOOKUP] Active Directory Devices No2</msg>
  </messages>
</response>

 

The report name is correct.

Have you got any suggestions for me ?

Many thanks,

Toma

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

tscroggins
Influencer
‎04-06-2023 03:45 PM

Hi,

This occurs when the object you're referencing is not visible in the user's default context. You can reference the user/app context directly with:

https://myValidDomainName.splunkcloud.com:8089/servicesNS/<user>/<app>/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/acl

where <user> and <app> are the user name and app name, respectively. If you have read access to the object but don't know the owner or app, you can use hyphens as wildcards:

https://myValidDomainName.splunkcloud.com:8089/servicesNS/-/-/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/acl

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

tscroggins
Influencer
‎04-06-2023 03:45 PM

Hi,

This occurs when the object you're referencing is not visible in the user's default context. You can reference the user/app context directly with:

https://myValidDomainName.splunkcloud.com:8089/servicesNS/<user>/<app>/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/acl

where <user> and <app> are the user name and app name, respectively. If you have read access to the object but don't know the owner or app, you can use hyphens as wildcards:

https://myValidDomainName.splunkcloud.com:8089/servicesNS/-/-/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/acl

 

0 Karma
Reply
Solved! Jump to solution

tomapatan
Contributor
‎04-11-2023 12:49 AM

Worked like a charm, much appreciated.

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...