Solved: How to get savedsearch list in Splunk Cloud

skasagawa · ‎11-09-2022

I know I can use the "rest" command as in the link below to get the list of savedsearches.

Since the "rest" command cannot be used in Splunk Cloud, I would like an SPL that can be listed without using that command.

It seems that the "rest" command can also be used if i contact Cloud Support, but I don't want to use that command as much as possible!

Best Regards.

bowesmana · ‎11-09-2022

What makes you think you can't use rest commands in SPL in Splunk Cloud?

Using the REST API SDK is different to using "| rest" commands in SPL

The "rest" commands only support read-only functions, but listing saved searches, as in that post, is possible.

bowesmana · ‎11-09-2022

What makes you think you can't use rest commands in SPL in Splunk Cloud?

Using the REST API SDK is different to using "| rest" commands in SPL

The "rest" commands only support read-only functions, but listing saved searches, as in that post, is possible.

skasagawa · ‎11-09-2022

I was mistaken.
I was able to solve it with the query given in the link.
thank you for your help

How to get savedsearch list in Splunk Cloud