Reporting

Get the results of a Report per REST

hypePG
Path Finder

Hey everybody,

I am pretty sure this question already was asked, but I cant find help anywhere else.
I got a report called "test" created from User "Bob" in an app called "nmon". With a technical user which has the permissions to read and execute this report I want to get the result via REST. Like I said permissions are set.

curl -u u:p -k https://splunk:8089/servicesNS/-/-/saved/searches/test/ -X GET -d output_mode=json gives me the details of the report.

curl -u u:p -k https://splunk:8089/services/saved/searches/test/ -X GET -d output_mode=json should work, but just gives me the error "could not find object test"

My understanding of working with savedsearches via REST was, that in a first step i need to dispatch the search to get the results with the help of the SID. This doesnt work either. Because on this curl curl -u u:p -k https://splunk:8089/servicesNS/-/-/saved/searches/test/dispatch -X GET -d output_mode=json I get the following error
"Invalid custom action for this internal handler (handler: savedsearch, custom action: dispatch, eai action: list)." ...

Please help, what am I missing?

Thanks in advance,
Max

0 Karma

somesoni2
SplunkTrust
SplunkTrust
0 Karma
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...