Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Reporting
- :
- How to use PowerShell to export a saved search usi...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to use PowerShell to export a saved search using invoke-restmethod?
Hi All,
I need to turn this:
curl --insecure -k -u username "https://api.splunk.company.com:443/servicesNS/username/sse_sitescope_prod_v01/saved/searches/apisear..."
Into a PowerShell equivalent:
api.splunk.company.com:443 is not trusted, as it does not have an SSL cert.
I've read many examples, I just want to export this saved search using invoke-restmethod
Can anyone assist?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you use powershell version 6 then you can add -SkipCertificateCheck.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I appreciate the response.
I just can't seem to get the entire invoke-restmethod command down pat
I can work with the cert issue , i see where you can search splunk with invoke-restmethod.
I want to be able to have powershell invoke-restmethod and export a saved search
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you don't have powershell 6 then there are other ways to avoid checking certificates. Google can help find them.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i was just mentioning that my curl command had --insecure because it will throw ssl errors at you and not run if you dont because the site is not trusted/has an ssl cert
Skipping certs is just one line that I already have
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
But I'm to form the entire 10 other lines, i cant find a good example to work with when exporting a saved search
$search=""https://api.splunk.company.com:443/services/search/jobs/scheduler__username_c3NlX3NpdGVzY29wZV9wcm9kX3YwMQ__usernameapisearchv3_at_1590751800_36332_8CEC1426-6D01-4FD1-8F3C-31B0C726D471/results?count=0" <-- im trying to do something like this
#$search = $servar # Cmdlet handles urlencoding
$body = @{
search = $search
output_mode = "json"
earliest_time = "-31d"
latest_time = "-5d"
}
Invoke-RestMethod -Method get -Uri $url -Credential $cred -Body $body
Regards,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't know why it formatted it like this, but, it is what it is
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the end i want the history for the sid and then i want to call:
curl --insecure -u username "https://api.splunk.company.com:443/services/search/jobs/Enter sid/results?count=0"
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
