Splunk Dev
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

API call to retrieve information about a search when the search name contains brackets

CKM
New Member
‎01-15-2025 11:34 PM

I have been using the Splunk API from within a Python script to retrieve information about saved searches using a call to the endpoint:

 

hxxps://<splunk_server>/-/-/saved/searches/<name_of_saved_search>?output_mode=json

 

The <name_of_saved_search> has been URL encoded to deal with some punctuation (including '/'), using the Python function:

 

name_of_searched_search = urllib.parse.quote(search_name, safe='')

 

It has been working so far, but recently I encountered an issue when the name of the saved search contains square brackets (e.g. "[123] My Search")

Even after URL encoding, Splunk's API just does not accept the API call at the endpoint:

 

hxxps://<splunk_server>/-/-/saved/searches/%5B123%5D%20My%20Search?output_mode=json

 

and returns a response with HTTP status code of 404 (Not Found).

I am not sure what else I should be doing to handle the square brackets in the name of the saved search to make the API call work.

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...
Top