Splunk Search

Change default APP in a rest API call for a inputlookup

kilimche
Explorer

Hi could you please give me an advice how to edit a call to the Splunk Rest API with the following parameter:

search | inputlookup mylookup.csv

The goal is to use another APP, not the user default one.

I tried the following but it gave me same result:

| inputlookup mylookup.csv

| eval app_name = $env:MyNewApp$ 

 

Thanks a lot!

Labels (1)
0 Karma
1 Solution

kilimche
Explorer

Hello

I was able to change the relative URL and successfully get the new app data -changing the default application search. 

I used this article: 

https://community.splunk.com/t5/Getting-Data-In/REST-API-with-namespace/m-p/9596

 

My API call looks like

https://splunkserver:8089/servicesNS/YOUR_USERNAME/TARGET_NAMESPACE/search/jobs
The TargetNamespace is the new APP (search header).

 

Thanks

 

 

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

You may find some helpful information at https://docs.splunk.com/Documentation/Splunk/8.2.3/RESTUM/RESTusing#Namespace

---
If this reply helps you, Karma would be appreciated.
0 Karma

kilimche
Explorer

Thanks, 

I am still not able to make this work

0 Karma

richgalloway
SplunkTrust
SplunkTrust

It would help if you shared the call you're trying.

---
If this reply helps you, Karma would be appreciated.

kilimche
Explorer

Hello

I was able to change the relative URL and successfully get the new app data -changing the default application search. 

I used this article: 

https://community.splunk.com/t5/Getting-Data-In/REST-API-with-namespace/m-p/9596

 

My API call looks like

https://splunkserver:8089/servicesNS/YOUR_USERNAME/TARGET_NAMESPACE/search/jobs
The TargetNamespace is the new APP (search header).

 

Thanks

 

 

Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...