Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I write a search that will list all the saved reports in my splunk environment?

saikatr
Path Finder
‎03-05-2015 06:11 AM

I need to write search queries to list all the dashboards and reports saved in my splunk environment. I was able to list the dashboards by using

| rest /servicesNS/-/-/data/ui/views | search isDashboard=1 | search eai:acl.app=search |

but I am unable to write a query for the latter.

i thought | rest /servicesNS/-/-/data/ui/views | would at least list all the reports (among other views) and i would be able to filter the rest out. Unfortunately, this isn't even listing all the reports available to me.

I am a new user and any help is greatly appreciated.

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎03-05-2015 06:37 AM

Hi saikatr,

how about using this REST endpoint:

| rest /services/saved/searches

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎03-05-2015 06:37 AM

Hi saikatr,

how about using this REST endpoint:

| rest /services/saved/searches

cheers, MuS

Reply
Solved! Jump to solution

saikatr
Path Finder
‎03-05-2015 08:52 AM

Thanks MuS,

This clearly sets me on the right path, This gave me a nice mix of reports and alerts:

| rest /services/saved/searches/ | search is_visible=1 | fields title is_scheduled is_visible eai:acl.perms.write eai:acl.sharing

Would you by any chance be able to test this query and inform what might be the critical step to be able to list the reports and alerts separately?

0 Karma
Reply
Solved! Jump to solution

astackpole
Path Finder
‎10-12-2021 08:16 AM

Did you ever get this resolved?

I see this is an old comment but am trying to accomplish the same thing now as well (list reports and alerts in separate dashboard panels).

0 Karma
Reply
Solved! Jump to solution

dwraesner
Path Finder
‎02-04-2023 06:23 AM

Hello,

This is definitely an old post, but can anyone share how they have created a search to accurately list whether a saved search is either a report or an alert.

This list exists under the menu item Searches, Reports & Alerts as the column Type lists whether it's a report or an alert, but the code underneath doesn't seem to be viewable like selecting a panel in a dashboard will show the underlying SPL.

Also that report from Searches, Reports & Alerts which shows the Type doesn't seem to be exportable.

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎02-04-2023 07:32 AM

Hi

here is my old answer https://community.splunk.com/t5/Monitoring-Splunk/How-do-I-export-all-alerts-to-csv-or-pdf/m-p/62922...

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...