Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

..

amys
Engager
‎12-27-2021 10:21 PM
 
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-28-2021 05:47 AM

While ES has its own API endpoints (see https://docs.splunk.com/Documentation/ES/7.0.0/API/AbouttheSplunkEnterpriseSecurityAPI), it mostly uses core Splunk APIs.  For correlation searches, use the savedsearches endpoints.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-28-2021 05:47 AM

While ES has its own API endpoints (see https://docs.splunk.com/Documentation/ES/7.0.0/API/AbouttheSplunkEnterpriseSecurityAPI), it mostly uses core Splunk APIs.  For correlation searches, use the savedsearches endpoints.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

amys
Engager
‎12-28-2021 06:03 AM

..

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-28-2021 06:58 AM

The saved/searches API documentation is at https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTREF/RESTsearch#saved.2Fsearches .

As for which parameters are needed for a correlation search, I recommend using GET on an known correlation search to see which parameters are populated.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...