Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Rest API to re-trigger report using saved search with spaces and special characters possible?

dondky
Path Finder
‎08-03-2016 08:06 AM

Hello all, we have an app we built that queries active directory to send login reports for all our administrators. The report is scheduled via cron to run at 6AM and guess what our license expired during the night causing the reports not to run. As a result I've been tasked with figuring out how to re-trigger these reports. We have 1 report sent out for each Administrator in our organization. Let's say around 300 or so.

Here is what I've done so far. My first step was to get the saved searches title:

| rest /servicesNS/-/ourcustomapp/saved/searches splunk_server=local | table title

I exported this to csv so I could use curl + the shell to loop through the title and hopefully re-trigger these alerts based on saved searches title.

Well it wasn't that easy.

Some accounts are simple and work such as "JohnDoe", but we have some accounts that are "Jane Austin (server administrator)" so we have spaces ( characters and what not.

So I attempted to write a script that takes each of the saved search names above and send them through like so:

curl -k -u admin:changeme https://localhost:8089/servicesNS/admin/domainadminalerts/saved/searches/JohnDoe/dispatch -d trigger_actions=1

This works, for JohnDoe, but passing in 

curl -k -u admin:changeme https://localhost:8089/servicesNS/admin/domainadminalerts/saved/searches/"Jane Austin (server administrator)"/dispatch -d trigger_actions=1

Fails, Does this need to be URL encoded? Please let me know if I'm on the right path to this.

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

burwell
SplunkTrust
SplunkTrust
‎08-03-2016 09:48 AM

Yes that is it. When I use the REST API I need to specify %20 for spaces. So add some code to replace %20 for the space in your saved search name.

To see the encoding you can go to the list of saved searches (Settings -> Searches and Reports) then click on your search as if to edit. You will see the URL. For example for myserver.com with a saved search of the name "my search with spaces" I see the URL below. I can see the spaces got encoded to %20

http://myserver.com:8000/splunk/en-US/manager/search/saved/searches/my%20search%20with%20spaces?acti...

View solution in original post

Reply
Solved! Jump to solution
Solution

burwell
SplunkTrust
SplunkTrust
‎08-03-2016 09:48 AM

Yes that is it. When I use the REST API I need to specify %20 for spaces. So add some code to replace %20 for the space in your saved search name.

To see the encoding you can go to the list of saved searches (Settings -> Searches and Reports) then click on your search as if to edit. You will see the URL. For example for myserver.com with a saved search of the name "my search with spaces" I see the URL below. I can see the spaces got encoded to %20

http://myserver.com:8000/splunk/en-US/manager/search/saved/searches/my%20search%20with%20spaces?acti...

Reply
Solved! Jump to solution

dondky
Path Finder
‎08-03-2016 10:00 AM

Thanks I suspected so. Time to do some replacements!

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-03-2016 09:45 AM

Yes, the REST API endpoint is in fact a URL so special characters such as space, hyphen etc would need to be URL encoded.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top