Reporting

Get the results of a Report per REST

hypePG
Path Finder

Hey everybody,

I am pretty sure this question already was asked, but I cant find help anywhere else.
I got a report called "test" created from User "Bob" in an app called "nmon". With a technical user which has the permissions to read and execute this report I want to get the result via REST. Like I said permissions are set.

curl -u u:p -k https://splunk:8089/servicesNS/-/-/saved/searches/test/ -X GET -d output_mode=json gives me the details of the report.

curl -u u:p -k https://splunk:8089/services/saved/searches/test/ -X GET -d output_mode=json should work, but just gives me the error "could not find object test"

My understanding of working with savedsearches via REST was, that in a first step i need to dispatch the search to get the results with the help of the SID. This doesnt work either. Because on this curl curl -u u:p -k https://splunk:8089/servicesNS/-/-/saved/searches/test/dispatch -X GET -d output_mode=json I get the following error
"Invalid custom action for this internal handler (handler: savedsearch, custom action: dispatch, eai action: list)." ...

Please help, what am I missing?

Thanks in advance,
Max

0 Karma

somesoni2
Revered Legend
0 Karma
Get Updates on the Splunk Community!

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...