Re: Why can't we search within Searches, reports a...

ddrillic · ‎11-20-2017

When we search within Searches, reports and alerts, we get the entire set of items.

What can it be? As we search for API in this example...

burwell · ‎11-25-2017

Dear ddrillic: search for something like "nothere" which is unlikely to be in any of your search titles or the actual search. Does that match your searches, reports and alerts? I suggest this because API matched a lot of my searches too and not just the titles.

burwell · ‎11-20-2017

Hi. If you have the string API in the subject or in the body of the search, it will match.

ddrillic · ‎11-20-2017

You see, the problem I have is that everything comes back, including items that don't match...

burwell · ‎11-21-2017

Hi. What version of Splunk?

burwell · ‎11-21-2017

So a good test.. search for something like nothere which is unlikely to be in any of your search titles or the actual search. Does that match your searches, reports and alerts? I suggest this because API matched a lot of my searches too and not just the titles.

kamlesh_vaghela · ‎11-20-2017

HI @ddrillic,

Do you have any searches, reports or alerts in "AppName" app?

Can you please uncheck "show only objects created in this app context" checkbox? You might be found your desired savedsearches.

Thanks

ddrillic · ‎11-20-2017

No luck with that @kamlesh_vaghela.

I also tried searching for API* but everything comes back.

MuS · ‎11-20-2017

What does the messages tell you, you have 4 of them?

If you query the REST api directly can you get something back:

 | rest /servicesNS/-/-/saved/searches splunk_server=local | search title="api*"

Why can't we search within Searches, reports and alerts?

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM