This one worked
https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export?output_mode=json&segmentation=none&latest_time=2020-07-15T00%3A05%3A00.000&earliest_time=2020-07-15T00%3A00%3A00.000&search=|savedsearch%20savedsearchname%20|search%20Code=XXX-10-12
Can you provide more details?
Hi
1. Suppose I need to view the logs of a particular index from PuTTY; how do I write a curl query for that?
2. The query from question 1 should be run every 15 minutes.
For question 1, I used the query below but get this error: "This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required."
curl -u adminuserid:password -k "https://splunk.com/app/search/search?sid=<the job id we see in Splunk>"
-u = user id
-k = ???
With REST you can't give a time; it just gives whatever the status is at the time of the query. If you need old events, then you must try to find those in _introspection.
-k means trust an SSL/TLS cert that is not signed by an official CA.
r. Ismo
May I know how to write a curl command for a particular saved search called advanced_automation?
I am using the command below, but I am getting the error "no such saved search".
curl -k -u admin:password -d "search=savedsearch advanced_automation" https://localhost:8089/services/search/jobs/
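As an added example that is not from this thread, the script below assembles the same REST export call as the working URL at the top of the thread, and serves both questions here: running a saved search such as advanced_automation over a bounded time window, and doing so on a 15-minute schedule. The host, app name, CA bundle path and user are placeholders, and it is an assumption (not something the thread confirms) that the "no such saved search" error comes from calling /services/ instead of the app-scoped /servicesNS/nobody/<app>/ path that the working URL uses.

```shell
#!/bin/sh
# Added example, not from the thread: build (and optionally run) the curl call
# for the Splunk REST search/jobs/export endpoint.
# Assumed placeholders: SPLUNK_HOST, APP, SAVED_SEARCH, SPLUNK_USER, SPLUNK_CA_BUNDLE.
SPLUNK_HOST="${SPLUNK_HOST:-splunk-api-url:8089}"     # assumed management host:port
APP="${APP:-appname}"                                   # app namespace that owns the saved search
SAVED_SEARCH="${SAVED_SEARCH:-advanced_automation}"     # saved search name from the question
SPLUNK_USER="${SPLUNK_USER:-admin}"                     # curl -u with no password prompts for it

# Percent-encode one query-string value. RFC 3986 unreserved characters
# (A-Z a-z 0-9 - . _ ~) pass through; everything else becomes %XX.
# The working URL in the thread encodes ':' as %3A and ' ' as %20; this does
# the same and additionally encodes '|' and '=', which is still valid.
urlencode() {
  s="$1"
  out=""
  while [ -n "$s" ]; do
    c="${s%"${s#?}"}"        # first character of the remaining string
    s="${s#?}"               # drop it
    case "$c" in
      [A-Za-z0-9.~_-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
  done
  printf '%s' "$out"
}

# Assemble the export URL with earliest/latest bounds.
# Arguments: host app search earliest latest
# /servicesNS/nobody/<app>/ resolves the saved search inside that app's
# namespace; /services/ uses the caller's default context, which is the
# assumed reason a saved search can come back as "no such saved search".
build_export_url() {
  printf 'https://%s/servicesNS/nobody/%s/search/jobs/export?output_mode=json&segmentation=none&earliest_time=%s&latest_time=%s&search=%s' \
    "$1" "$2" "$(urlencode "$4")" "$(urlencode "$5")" "$(urlencode "$3")"
}

# Search string that runs a saved search, in the same "|savedsearch name" form
# as the working URL.
saved_search_query() {
  printf '|savedsearch %s' "$1"
}

# Run one export over the last full 15 minutes. Splunk accepts relative time
# modifiers for earliest_time/latest_time (-15m@m = fifteen minutes ago snapped
# to the minute, @m = now snapped to the minute), so a cron entry of
# "*/15 * * * *" produces contiguous, non-overlapping windows.
# --cacert replaces the thread's -k: -k turns certificate verification off, so
# anyone on the path can impersonate the Splunk host and collect the credentials.
run_export() {
  url="$(build_export_url "$SPLUNK_HOST" "$APP" "$(saved_search_query "$SAVED_SEARCH")" '-15m@m' '@m')"
  curl -sS --cacert "${SPLUNK_CA_BUNDLE:-/etc/ssl/splunk-ca.pem}" -u "$SPLUNK_USER" "$url"
}

# Only contact the server when explicitly asked, so the functions above can be
# sourced and exercised without network access.
if [ "${SPLUNK_RUN:-0}" = "1" ]; then
  run_export
fi
```

To run it from cron, set SPLUNK_RUN=1 and supply the credentials through a mode-0600 netrc file (`curl --netrc-file`) rather than as `-u user:password` on the command line, where they are visible to every local user through `ps`.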