Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to start a saved search using REST API

mauhumor
Explorer
‎11-12-2010 01:23 AM

How to start a saved search using REST API URL?

I can make a GET the saves searchs, extract the 'search' expression and run it using a POST.

But I could not find any reference on how to start a job passing as an argument a saves search ID instead of the search expression.

Is there a another URL or parameter for that?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

Genti
Splunk Employee
Splunk Employee
‎11-13-2010 01:02 AM 
curl -k -u admin:changeme -d "search=savedsearch %22Errors%20in%20the%20last%2024%20hours%22" https://localhost:8089/services/search/jobs/

This will call a savedsearch named "Errors in the last 24 hours" - one of the default splunk saved searches..

Check this thread for some more info on how to run rest api searches, how to check if the search has finished, and how to get the results http://answers.splunk.com/questions/8940/

View solution in original post

Reply
Solved! Jump to solution

dishasaxena
Path Finder
‎08-09-2013 05:10 AM

You can get the search ID for the saved search by running below command:

curl -k -u user:password https://localhost:8089/servicesNS/admin/search/saved/searches/My_Saved_Search/dispatch -d "trigger_actions=1"

You will get a response like below:

admin__admin__search__RMD53566916a3c467274_at_1376044050_4161

Now you can get the output by running below command:

curl -k -u user:password https://localhost:8089/servicesNS/admin/search/search/jobs/admin__admin__search__RMD53566916a3c46727... --get  -d output_mode=csv -d count=10

Note: admin__admin__search__RMD53566916a3c467274_at_1376044050_4161 is the serach ID you received from output of above command.

Reply
Solved! Jump to solution

jgigliotti
Engager
‎06-17-2016 12:53 AM

I use the example to search ID for my saved search however get the following error, any assistance please thanks.

curl -k -u user:password https://localhost:8089/servicesNS/admin/search/saved/searches/My_Saved_Search/dispatch -d "trigger_action=1"


<msg type="ERROR">
 In handler 'savedsearch': Argument "trigger_action" is not supported by this handler.
0 Karma
Reply
Solved! Jump to solution

raugugliaro
New Member
‎02-14-2018 10:25 AM

Just FYI for anybody reading this thread its "trigger_actions" not "trigger_action"

0 Karma
Reply
Solved! Jump to solution
Solution

Genti
Splunk Employee
Splunk Employee
‎11-13-2010 01:02 AM 
curl -k -u admin:changeme -d "search=savedsearch %22Errors%20in%20the%20last%2024%20hours%22" https://localhost:8089/services/search/jobs/

This will call a savedsearch named "Errors in the last 24 hours" - one of the default splunk saved searches..

Check this thread for some more info on how to run rest api searches, how to check if the search has finished, and how to get the results http://answers.splunk.com/questions/8940/

Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...