Splunk Search

How can I retrieve the SID of a saved search by curl?

Robertoing
Explorer

How can I retrieve the SID of a saved search by curl?

0 Karma

manjunathmeti
Champion

Then you can call your saved search using /search/jobs:

curl -u admin:changeme -k https://localhost:8089/services/search/jobs -d search="| savedsearch saved_search_name"

You'll get the SID in the response:

<response><sid>mysearch_02151949</sid></response>

And use /search/jobs/SID/results to get results:

curl -k -u admin:pass https://localhost:8089/services/search/jobs/mysearch_02151949/results

 

If this reply helps you, an upvote/like would be appreciated.

0 Karma
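The three steps from the reply above (POST to /search/jobs, read the SID from the XML response, GET /search/jobs/SID/results) as one script. This is an added example, not code from the thread: the SPLUNK_* environment variables and both allow-lists are assumptions, and `exec_mode=blocking` is a Splunk REST parameter the reply does not use. It verifies the server certificate with `--cacert` rather than `-k` and keeps the password off the command line.

```shell
#!/bin/sh
# Added example. SPLUNK_URL, SPLUNK_USER, SPLUNK_PASS and SPLUNK_CA are assumed
# environment variables; the two allow-lists below are conservative assumptions.

# Build the SPL string; refuse names that could add extra SPL to the search.
saved_search_query() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) echo "unsupported saved search name" >&2; return 1 ;;
  esac
  printf '| savedsearch %s\n' "$1"
}

# Read <sid>...</sid> from the POST /services/search/jobs response body and
# refuse anything that would not be safe to place in a URL path.
extract_sid() {
  es_sid=$(printf '%s\n' "$1" | sed -n 's:.*<sid>\([^<]*\)</sid>.*:\1:p' | head -n 1)
  case "$es_sid" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  printf '%s\n' "$es_sid"
}

# curl wrapper: the password is passed in a config read from stdin (-K -), so
# it does not show up in the process list, and the server certificate is
# verified against SPLUNK_CA instead of being skipped with -k.
# Assumes the password contains no double quote or backslash.
splunk_curl() {
  printf 'user = "%s:%s"\n' "$SPLUNK_USER" "$SPLUNK_PASS" |
    curl --silent --show-error --fail --cacert "$SPLUNK_CA" -K - "$@"
}

# Start the saved search, print the SID on stderr and the results on stdout.
# exec_mode=blocking makes the POST return only when the job has finished, so
# the results request that follows does not run against an unfinished job.
run_saved_search() {
  rs_query=$(saved_search_query "$1") || return 1
  rs_body=$(splunk_curl "$SPLUNK_URL/services/search/jobs" \
    --data-urlencode "search=$rs_query" \
    --data-urlencode "exec_mode=blocking") || return 1
  rs_sid=$(extract_sid "$rs_body") || { echo "no usable SID in response" >&2; return 1; }
  echo "sid: $rs_sid" >&2
  splunk_curl --get "$SPLUNK_URL/services/search/jobs/$rs_sid/results" \
    --data-urlencode "output_mode=json"
}

# Run only when a saved search name is given on the command line.
if [ "$#" -gt 0 ]; then run_saved_search "$1"; fi
```

Saved search names that contain spaces or other characters outside the allow-list are rejected by this script; widen `saved_search_query` only together with proper quoting of the name.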

manjunathmeti
Champion

Hi @Robertoing,

You can use the below API endpoint.

https://<host>:<mPort>/services/saved/searches/{name}/history

 

Check this for more info: https://docs.splunk.com/Documentation/SplunkCloud/8.1.2012/RESTREF/RESTsearch#saved.2Fsearches.2F.7B...

 

If this reply helps you, an upvote/like would be appreciated.

 

0 Karma

Robertoing
Explorer

That is if the saved search is scheduled, but my saved search is not. How can I start my saved search and get the SID to see the results?

0 Karma