I'm wondering if there is an equivalent way to do this with the rest search command:
curl -k -u admin:changeme -d "search=savedsearch CIF%3Adomain_botnet" -d "output_mode=csv" https://localhost:8089/servicesNS/admin/search/search/jobs/export -o domainbotnet.csv
That runs the saved search called CIF:domain_botnet.
Is that possible?
Sure, have you seen the saved search REST API docs?
There are also some examples in the SDKs available:
For Java - http://dev.splunk.com/view/java-sdk/SP-CAAAEKY#runsavedargs
For C# - http://dev.splunk.com/view/csharp-sdk/SP-CAAAEQF#runsavedargs
Hope this helps...
I looked through the API doc, though I'm not a developer...
It would seem that something like this should work:
| rest /servicesNS/craig/saved/searches/InputDomain/dispatch splunk_server=10.10.10.10 get-arg-name="dispatch.now" get-arg-value="true"
But that never gets any results. Nor does it produce any kind of error.
I'm also unclear on how to authenticate to the remote Splunk server using the rest command...
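An added example, not part of the thread above and not Splunk's own code: the saved-search dispatch endpoint driven over REST with Python's standard library, using a POST to start the job, a poll for completion, and a CSV fetch of the results. The helper names are illustrative, and the base URL, credentials and CA file passed to `run_saved_search` are assumptions about your environment.

```python
import base64, json, ssl, time, urllib.parse, urllib.request

def _q(segment):
    # Percent-encode one path segment ("CIF:domain_botnet" -> "CIF%3Adomain_botnet")
    return urllib.parse.quote(segment, safe="")

def dispatch_url(base, owner, app, name):
    return f"{base}/servicesNS/{_q(owner)}/{_q(app)}/saved/searches/{_q(name)}/dispatch"

def job_url(base, sid, leaf=""):
    return f"{base}/services/search/jobs/{_q(sid)}{leaf}"

def parse_sid(body):
    # With output_mode=json, dispatch answers with the search job id (sid)
    return json.loads(body)["sid"]

def job_state(body):
    # dispatchState moves through QUEUED/RUNNING/... and ends at DONE or FAILED
    state = json.loads(body)["entry"][0]["content"]["dispatchState"]
    if state == "FAILED":
        raise RuntimeError("search job failed")
    return state

def _call(url, auth, ctx, data=None):
    # data=None sends a GET; a dict is sent as a form-encoded POST
    body = urllib.parse.urlencode(data).encode() if data else None
    req = urllib.request.Request(url, data=body, headers={"Authorization": auth})
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read().decode()

def run_saved_search(base, owner, app, name, user, password, cafile, poll=2):
    # Verify the management-port certificate against cafile rather than
    # disabling verification as curl -k does
    ctx = ssl.create_default_context(cafile=cafile)
    auth = "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
    sid = parse_sid(_call(dispatch_url(base, owner, app, name), auth, ctx,
                          {"output_mode": "json"}))
    while job_state(_call(job_url(base, sid) + "?output_mode=json", auth, ctx)) != "DONE":
        time.sleep(poll)
    # count=0 asks for every result row instead of the default page size
    return _call(job_url(base, sid, "/results") + "?output_mode=csv&count=0", auth, ctx)
```

Read the password from an environment variable or a prompt when calling `run_saved_search`, so it does not end up in shell history or the process list.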