Hey everybody,
I am pretty sure this question already was asked, but I cant find help anywhere else.
I got a report called "test" created from User "Bob" in an app called "nmon". With a technical user which has the permissions to read and execute this report I want to get the result via REST. Like I said permissions are set.
curl -u u:p -k https://splunk:8089/servicesNS/-/-/saved/searches/test/ -X GET -d output_mode=json
gives me the details of the report.
curl -u u:p -k https://splunk:8089/services/saved/searches/test/ -X GET -d output_mode=json
should work, but just gives me the error "could not find object test"
My understanding of working with savedsearches via REST was, that in a first step i need to dispatch the search to get the results with the help of the SID. This doesnt work either. Because on this curl curl -u u:p -k https://splunk:8089/servicesNS/-/-/saved/searches/test/dispatch -X GET -d output_mode=json
I get the following error
"Invalid custom action for this internal handler (handler: savedsearch, custom action: dispatch, eai action: list)."
...
Please help, what am I missing?
Thanks in advance,
Max