No, the search/jobs endpoint doesn't provide that info. You'd have to take the report's ID built from the label, user, and app returned by search/jobs and look at the saved/searches endpoint as you found out already 🙂
Take a look at this example to illustrate:
| rest /services/search/jobs search="isSavedSearch=1" | rename eai:acl.app as app | fields author app label sid | map search="rest /servicesNS/$author$/$app$/saved/searches/$label$ | fields title action.script action.script.filename | eval sid=\"$sid$\""
Thanks for the immediate reply. I understood the logic.
But I got the following error:
"The search result count (354) exceeds maximum (10), using max. To override it, set maxsearches appropriately."
I'm new to splunk search. Any help would be great.
Thank you again!!
By default the
map command will only execute ten searches, see http://docs.splunk.com/Documentation/Splunk/6.1.1/SearchReference/map for reference. Add
maxsearches=0 to disable the maximum entirely.
Consider filtering before the map, for example by app or search name - unless you want to see all 354 entries.